CVE-2022-26593
19.04.2022, 13:15
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.
| Vendor | Product | Version |
|---|---|---|
| liferay | digital_experience_platform | 𝑥 < 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3:fix_pack_2 |
| liferay | liferay_portal | 7.3.3 ≤ 𝑥 < 7.3.7 |
| liferay | liferay_portal | 7.4.0 |
𝑥
= Vulnerable software versions
References