Lucene search
HistoryOct 18, 2022 - 9:15 p.m.
CVE-2022-42114
cve-2022-42114
cross-site scripting
xss
role module
liferay portal
security vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
29.0%
A Cross-site scripting (XSS) vulnerability in the Role module’s edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
Affected configurations
Node
liferaydxpRange<7.4
ORliferaydxpMatch7.4ga1
ORliferaydxpMatch7.4update_1
ORliferaydxpMatch7.4update_10
ORliferaydxpMatch7.4update_11
ORliferaydxpMatch7.4update_12
ORliferaydxpMatch7.4update_13
ORliferaydxpMatch7.4update_14
ORliferaydxpMatch7.4update_15
ORliferaydxpMatch7.4update_16
ORliferaydxpMatch7.4update_17
ORliferaydxpMatch7.4update_18
ORliferaydxpMatch7.4update_19
ORliferaydxpMatch7.4update_2
ORliferaydxpMatch7.4update_20
ORliferaydxpMatch7.4update_21
ORliferaydxpMatch7.4update_22
ORliferaydxpMatch7.4update_23
ORliferaydxpMatch7.4update_24
ORliferaydxpMatch7.4update_25
ORliferaydxpMatch7.4update_26
ORliferaydxpMatch7.4update_27
ORliferaydxpMatch7.4update_28
ORliferaydxpMatch7.4update_29
ORliferaydxpMatch7.4update_3
ORliferaydxpMatch7.4update_30
ORliferaydxpMatch7.4update_31
ORliferaydxpMatch7.4update_32
ORliferaydxpMatch7.4update_33
ORliferaydxpMatch7.4update_34
ORliferaydxpMatch7.4update_35
ORliferaydxpMatch7.4update_36
ORliferaydxpMatch7.4update_4
ORliferaydxpMatch7.4update_5
ORliferaydxpMatch7.4update_6
ORliferaydxpMatch7.4update_7
ORliferaydxpMatch7.4update_8
ORliferaydxpMatch7.4update_9
ORliferayliferay_portalRange7.4.0–7.4.3.37
| CPE | Name | Operator | Version |
|---|---|---|---|
| liferay:dxp | liferay dxp | lt | 7.4 |
| liferay:liferay_portal | liferay liferay portal | lt | 7.4.3.37 |
References
Social References
More
Related
osv
osv
CVE-2022-42114
2022-10-18 21:15:16
cvelist
cvelist
CVE-2022-42114
2022-10-18 00:00:00
prion
prion
Cross site scripting
2022-10-18 21:15:00
nvd
nvd
CVE-2022-42114
2022-10-18 21:15:16
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
29.0%
Related for CVE-2022-42114