CVE-2021-38263 Reflected XSS with Script page


Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the output of a Groovy script.


Severity 2

Fixed Version(s)

There is no fix available for Liferay Portal 7.1 and earlier. Please upgrade to Liferay Portal 7.3.

Publication date: Mon, 30 Aug 2021 16:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.