A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
References
Link | Resource |
---|---|
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 | Patch Vendor Advisory |
http://liferay.com | Product |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-10-18 14:15
Updated : 2022-10-20 11:34
NVD link : CVE-2022-42113
Mitre link : CVE-2022-42113
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
liferay
- liferay_portal
- dxp