CVE-2022-42112

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.
Cross-site Scripting
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
EPSS Score percentile: 37%
| Vendor | Product | Version |
|---|---|---|
| liferay | digital_experience_platform | 𝑥 < 7.2 |
| liferay | digital_experience_platform | 7.2 |
| liferay | digital_experience_platform | 7.2:fix_pack_1 |
| liferay | digital_experience_platform | 7.2:fix_pack_10 |
| liferay | digital_experience_platform | 7.2:fix_pack_11 |
| liferay | digital_experience_platform | 7.2:fix_pack_12 |
| liferay | digital_experience_platform | 7.2:fix_pack_13 |
| liferay | digital_experience_platform | 7.2:fix_pack_14 |
| liferay | digital_experience_platform | 7.2:fix_pack_15 |
| liferay | digital_experience_platform | 7.2:fix_pack_18 |
| liferay | digital_experience_platform | 7.2:fix_pack_2 |
| liferay | digital_experience_platform | 7.2:fix_pack_3 |
| liferay | digital_experience_platform | 7.2:fix_pack_4 |
| liferay | digital_experience_platform | 7.2:fix_pack_5 |
| liferay | digital_experience_platform | 7.2:fix_pack_6 |
| liferay | digital_experience_platform | 7.2:fix_pack_7 |
| liferay | digital_experience_platform | 7.2:fix_pack_8 |
| liferay | digital_experience_platform | 7.2:fix_pack_9 |
| liferay | dxp | 7.3 |
| liferay | dxp | 7.3:sp1 |
| liferay | dxp | 7.3:sp2 |
| liferay | dxp | 7.3:sp3 |
| liferay | dxp | 7.3:update_1 |
| liferay | dxp | 7.3:update_2 |
| liferay | dxp | 7.3:update_3 |
| liferay | dxp | 7.3:update_4 |
| liferay | dxp | 7.4:ga1 |
| liferay | dxp | 7.4:update_1 |
| liferay | dxp | 7.4:update_10 |
| liferay | dxp | 7.4:update_11 |
| liferay | dxp | 7.4:update_12 |
| liferay | dxp | 7.4:update_13 |
| liferay | dxp | 7.4:update_14 |
| liferay | dxp | 7.4:update_15 |
| liferay | dxp | 7.4:update_16 |
| liferay | dxp | 7.4:update_17 |
| liferay | dxp | 7.4:update_18 |
| liferay | dxp | 7.4:update_19 |
| liferay | dxp | 7.4:update_2 |
| liferay | dxp | 7.4:update_20 |
| liferay | dxp | 7.4:update_21 |
| liferay | dxp | 7.4:update_22 |
| liferay | dxp | 7.4:update_23 |
| liferay | dxp | 7.4:update_24 |
| liferay | dxp | 7.4:update_3 |
| liferay | dxp | 7.4:update_4 |
| liferay | dxp | 7.4:update_5 |
| liferay | dxp | 7.4:update_6 |
| liferay | dxp | 7.4:update_7 |
| liferay | dxp | 7.4:update_8 |
| liferay | dxp | 7.4:update_9 |
| liferay | liferay_portal | 7.2.0 ≤ 𝑥 < 7.4.3.25 |

𝑥 = Vulnerable software versions