Description

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.

Remediation

References

CVE-2022-42115

Related Vulnerabilities

Roundcube Resource Management Errors Vulnerability (CVE-2008-5620)

XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)

WordPress Plugin One page checkout and layouts for woocommerce Unspecified Vulnerability (2.7)

WordPress Plugin WP Mail Logging Security Bypass (1.9.9)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4301)

Severity

Medium

Classification

CVE-2022-42115 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities