admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-333xx/CVE-2021-33337.json

260 lines
9.7 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2021-33337",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-04T14:15:08.317",
"lastModified": "2021-08-11T00:10:30.497",
"vulnStatus": "Analyzed",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en el men\u00fa de adici\u00f3n de documentos del m\u00f3dulo de la Biblioteca de Documentos en Liferay Portal versiones 7.3.0 hasta 7.3.4, y Liferay DXP versiones 7.1 anteriores a fix pack 20, y versiones 7.2 anteriores a fix pack 9, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del par\u00e1metro _com_liferay_document_library_web_portlet_DLAdminPortlet_name"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C2AA7E18-A41B-4F0D-A04F-57C5745D091B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "392B783D-620D-4C71-AAA0-848B16964A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "4F5A94E2-22B7-4D2D-A491-29F395E727C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "E9B10908-C42B-4763-9D47-236506B0E84A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "CF544435-36AC-49B8-BA50-A6B6D1678BBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "9D265542-5333-4CCD-90E5-B5F6A55F9863"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "1763CD8B-3ACD-4617-A1CA-B9F77A074977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:*:*:*:*:*:*",
"matchCriteriaId": "F25C66AA-B60D-413C-A848-51E12D6080AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:*:*:*:*:*:*",
"matchCriteriaId": "071A0D53-EC95-4B18-9FA3-55208B1F7B94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:*:*:*:*:*:*",
"matchCriteriaId": "CC26A9D4-14D6-46B1-BB00-A2C4386EBCA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:*:*:*:*:*:*",
"matchCriteriaId": "350CDEDA-9A20-4BC3-BEAE-8346CED10CD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_19:*:*:*:*:*:*",
"matchCriteriaId": "10C6107E-79B3-4672-B3E5-8A2FA9A829CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "3233D306-3F8E-40A4-B132-7264E63DD131"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "9EAEA45A-0370-475E-B4CB-395A434DC3A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "39310F05-1DB6-43BA-811C-9CB91D6DCF20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "D6135B16-C89E-4F49-BA15-823E2AF26D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "CC887BEC-915B-44AC-B473-5448B3D8DCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "D7A7CC60-C294-41EC-B000-D15AAA93A3D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "022132F8-6E56-4A29-95D6-3B7861D39CDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "651DA9B7-9C11-47A7-AF5C-95625C8FFF6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndIncluding": "7.3.4",
"matchCriteriaId": "8CDF8752-7AE9-43E4-81AD-DFD179486504"
}
]
}
]
}
],
"references": [
{
"url": "https://issues.liferay.com/browse/LPE-17101",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33337-stored-xss-with-document-types-in-documents-and-media",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue Copy Permalink