Liferay Portal@7.4.3.16 Security Vulnerabilities and Issues — Liferay Portal@7.4.3.16 CVE List

Lucene search

LiferayLiferay Portal7.4.3.16

2 matches found

CVE•added 2022/11/15 1:15 a.m.•64 views

CVE-2022-42120

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute.

9.8CVSS9.9AI score0.00296EPSS

CVE•added 2022/10/18 9:15 p.m.•48 views

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00244EPSS