CVE-2022-42112

Published: Oct 18, 2022Modified: May 13, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.

Affected (52)

Products: Liferay: Digital Experience Platform, Dxp, Liferay Portal

Liferay

3 products

Digital Experience Platform

Dxp

Liferay Portal

Configuration A

52 vulnerable

Vulnerable Software	Affected Versions
Liferay Digital Experience Platform	Before 7.2
Liferay Digital Experience Platform	Version 7.2
Liferay Digital Experience Platform	Version 7.2 fix_pack_10
Liferay Digital Experience Platform	Version 7.2 fix_pack_11
Liferay Digital Experience Platform	Version 7.2 fix_pack_12
Liferay Digital Experience Platform	Version 7.2 fix_pack_13
Liferay Digital Experience Platform	Version 7.2 fix_pack_14
Liferay Digital Experience Platform	Version 7.2 fix_pack_15
Liferay Digital Experience Platform	Version 7.2 fix_pack_18
Liferay Digital Experience Platform	Version 7.2 fix_pack_1
Liferay Digital Experience Platform	Version 7.2 fix_pack_2
Liferay Digital Experience Platform	Version 7.2 fix_pack_3
Liferay Digital Experience Platform	Version 7.2 fix_pack_4
Liferay Digital Experience Platform	Version 7.2 fix_pack_5
Liferay Digital Experience Platform	Version 7.2 fix_pack_6
Liferay Digital Experience Platform	Version 7.2 fix_pack_7
Liferay Digital Experience Platform	Version 7.2 fix_pack_8
Liferay Digital Experience Platform	Version 7.2 fix_pack_9
Liferay Dxp	Version 7.3
Liferay Dxp	Version 7.3 sp1
Liferay Dxp	Version 7.3 sp2
Liferay Dxp	Version 7.3 sp3
Liferay Dxp	Version 7.3 update_1
Liferay Dxp	Version 7.3 update_2
Liferay Dxp	Version 7.3 update_3
Liferay Dxp	Version 7.3 update_4
Liferay Dxp	Version 7.4 ga1
Liferay Dxp	Version 7.4 update_10
Liferay Dxp	Version 7.4 update_11
Liferay Dxp	Version 7.4 update_12
Liferay Dxp	Version 7.4 update_13
Liferay Dxp	Version 7.4 update_14
Liferay Dxp	Version 7.4 update_15
Liferay Dxp	Version 7.4 update_16
Liferay Dxp	Version 7.4 update_17
Liferay Dxp	Version 7.4 update_18
Liferay Dxp	Version 7.4 update_19
Liferay Dxp	Version 7.4 update_1
Liferay Dxp	Version 7.4 update_20
Liferay Dxp	Version 7.4 update_21
Liferay Dxp	Version 7.4 update_22
Liferay Dxp	Version 7.4 update_23
Liferay Dxp	Version 7.4 update_24
Liferay Dxp	Version 7.4 update_2
Liferay Dxp	Version 7.4 update_3
Liferay Dxp	Version 7.4 update_4
Liferay Dxp	Version 7.4 update_5
Liferay Dxp	Version 7.4 update_6
Liferay Dxp	Version 7.4 update_7
Liferay Dxp	Version 7.4 update_8
Liferay Dxp	Version 7.4 update_9
Liferay Liferay Portal	From 7.2.0 to 7.4.3.25