LSV-808: Reflected XSS in Kaleo Forms Admin

Affects versions

Fix versions

7.0.X EE

7.1.X EE

7.2.X EE

7.3.X EE

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

None

CVE IDs

CVE-2021-29049

CVSS Base Score

6.1

CVSS Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Labels

liferay-dxp-73-sp1liferay-fixpack-de-99-7010liferay-fixpack-dxp-1-7310liferay-fixpack-dxp-12-7210liferay-fixpack-dxp-23-7110

Description

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.

Activity

Show:

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
EE Support
Reporter
Enterprise Release HU
Priority
Low
Components

Zendesk Support

Created February 25, 2021 at 6:42 AM

Updated May 17, 2021 at 11:03 AM

Resolved March 17, 2021 at 4:10 AM

Configure

LSV-808: Reflected XSS in Kaleo Forms Admin

Affects versions

Fix versions

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

Activity

DetailsAssigneeEE SupportEE SupportReporterEnterprise Release HUEnterprise Release HUPriorityLowComponents

Details

Assignee

Reporter

Priority

Components

Zendesk SupportLinked Tickets

Zendesk Support

Details
Assignee
EE Support
Reporter
Enterprise Release HU
Priority
Low
Components

Zendesk Support