A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
References
| Link | Resource |
|---|---|
| http://liferay.com | Product |
| https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Oct 2022, 18:34
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CWE | CWE-79 | |
| First Time |
Liferay dxp
Liferay liferay Portal Liferay |
|
| CPE | cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_36:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 - Patch, Vendor Advisory | |
| References | (MISC) http://liferay.com - Product |
18 Oct 2022, 21:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-18 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-42113
Mitre link : CVE-2022-42113
CVE.ORG link : CVE-2022-42113
JSON object : View
Products Affected
liferay
- dxp
- liferay_portal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')