WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42110)

Description

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

Related Vulnerabilities

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12100)

WordPress Plugin Include Me Remote Code Execution (1.2.1)

SharePoint CVE-2020-17061 Vulnerability (CVE-2020-17061)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40888)

Oracle JRE CVE-2012-4416 Vulnerability (CVE-2012-4416)

Severity

Medium

Classification

CVE-2022-42110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities