{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "7.1-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_11" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_12" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_13" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_14" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_15" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_16" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_17" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_18" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_19" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_20" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_9" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_9" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.3-NA" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "7.1-fix_pack_1" }, { "introduced": "0" }, { "last_affected": "7.1-fix_pack_2" }, { "introduced": "0" }, { "last_affected": "7.1-fix_pack_3" }, { "introduced": "0" }, { "last_affected": "7.2-fix_pack_1" }, { "introduced": "7.2.0" }, { "last_affected": "7.3.5" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "59148a8775a2b2345694a023683d95b478c483c6" }, { "introduced": "0" }, { "last_affected": "0ac7dd652f3cac9b7880e6dea92912b2d02dca3a" }, { "introduced": "0" }, { "last_affected": "a3f823cf755fcf3660cd6c2c334840e9596ced9e" }, { "introduced": "0" }, { "last_affected": "ded0e9390637985231e962e4ad4cfa4639eabb26" }, { "introduced": "0" }, { "last_affected": "f193301b2848899b008d51513af62a3b3a9b7888" } ], "repo": "https://github.com/liferay/liferay-portal", "type": "GIT" } ] } ], "details": "Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter.", "id": "CVE-2021-29051", "modified": "2026-04-01T23:10:02.061595228Z", "published": "2021-05-17T12:15:07.460Z", "references": [ { "type": "ADVISORY", "url": "http://liferay.com" }, { "type": "ADVISORY", "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }