Description

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2022-42117

Related Vulnerabilities

Liferay Portal CVE-2021-33330 Vulnerability (CVE-2021-33330)

MySQL CVE-2019-2802 Vulnerability (CVE-2019-2802)

MediaWiki Incorrect Default Permissions Vulnerability (CVE-2021-44858)

WordPress Plugin Calendar Event Multi View SQL Injection (1.01)

WordPress Plugin ShareYourCart Information Disclosure (1.6.1)

Severity

Medium

Classification

CVE-2022-42117 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities