CVE-2022-42113

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_36:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Information

Published : 2022-10-18 14:15

Updated : 2022-10-20 11:34


NVD link : CVE-2022-42113

Mitre link : CVE-2022-42113


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

liferay

  • liferay_portal
  • dxp