CVE-2022-42118

2022-11-1500:00:00

mitre

www.cve.org

cve-2022-42118

cross-site scripting

liferay portal

remote attackers

web script injection

html injection

tag parameter

EPSS

0.001

Percentile

49.6%

JSON

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.