Description

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2022-42110

Related Vulnerabilities

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (9.0.1)

WordPress Plugin Appointments PHP Object Injection (2.2.1)

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)

WordPress Plugin WappPress-Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute Arbitrary File Upload (5.0.3)

WordPress Plugin AVK-Shop Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

Severity

Medium

Classification

CVE-2022-42110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities