Security Listings

6.1

CVE-2022-42118 Reflected XSS with `tag` in Search

Description

Cross-site scripting (XSS) vulnerability in the Portal Search module's Tag Facet widget in Liferay Portal 7.1.0 through 7.4.2 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.

Severity

6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Version(s)

Liferay Portal 7.1.0 - 7.1.3
Liferay Portal 7.2.0 - 7.2.1
Liferay Portal 7.3.0 - 7.3.7
Liferay Portal 7.4.0 - 7.4.2

Fixed Version(s)

Liferay Portal 7.4.3.4

There is no fix available for Liferay Portal 7.1, 7.2 and 7.3. Please upgrade to Liferay Portal 7.4.

CVE-2022-42118

Publication Date:

Outubro 19, 2022

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn How >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn How >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn How >

Community

Company

Feedback