[LPE-17211] LSV-808: Reflected XSS in Kaleo Forms Admin - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10), 7.3 DXP (7.3.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE, 7.3.X EE
Component/s: Business Productivity > Kaleo Workflow Forms, Security Vulnerability
Labels:

CVE IDs:
CVE-2021-29049
CVSS Base Score:
6.1
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.0 Fix Pack Version:
99
7.1 Fix Pack Version:
23
7.2 Fix Pack Version:
12
7.3 Fix Pack Version:
1

Description

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Feb/21 6:42 AM

Updated:: 17/May/21 11:03 AM

Resolved:: 17/Mar/21 4:10 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE
7.3.X EE