Liferay Portal CVE-2022-45320 Vulnerability (CVE-2022-45320)

Description

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

Remediation

References

CVE-2022-45320

Related Vulnerabilities

WordPress Plugin Simple Link Directory PHP Object Injection (5.5.0)

WordPress Plugin Migration, Backup, Staging-WPvivid Cross-Site Scripting (0.9.55)

phpMyFAQ Incorrect Authorization Vulnerability (CVE-2024-22208)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.87)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300)

Severity

Medium

Classification

CVE-2022-45320 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L