CVE-2022-42110
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
Affected (46)
Products: Liferay: Liferay Portal, Digital Experience Platform, Dxp
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 7.1.0 to 7.4.2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.1 | |
| Version 7.3 |
References (4)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.