Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42119)

Description

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

Remediation

References

CVE-2022-42119

Related Vulnerabilities

MySQL CVE-2018-3156 Vulnerability (CVE-2018-3156)

Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-1134)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12883)

Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)

WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)

Severity

Medium

Classification

CVE-2022-42119 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N