Description

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.

Remediation

References

CVE-2022-42113

Related Vulnerabilities

WordPress Plugin WooCommerce Checkout Manager Multiple Unspecified Vulnerabilities (3.6.9)

WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)

MediaWiki CVE-2019-12473 Vulnerability (CVE-2019-12473)

WordPress Plugin WP Video Lightbox Cross-Site Scripting (1.9.2)

WordPress Plugin Membership by Supsystic SQL Injection (1.4.7)

Severity

Medium

Classification

CVE-2022-42113 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities