Description

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2022-42110

Related Vulnerabilities

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-43288)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28838)

WordPress Plugin Form Store to DB includes Backdoor [Only if downloaded via the vendor website] (1.0.9)

Severity

Medium

Classification

CVE-2022-42110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities