Description

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

Related CPE's

a

liferay

liferay_portal

Vulnerable

a

liferay

digital_experience_platform

42

a

liferay

dxp

3

References

https://issues.liferay.com/browse/LPE-17403

Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110

Vendor Advisory

https://issues.liferay.com/browse/LPE-17403

Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-79

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-15T00:15:12.817

3 years ago

Last modified

2025-05-13T18:17:51.450

7 months ago