Vulnerability Description
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Portal | >= 7.1.0, <= 7.4.2 |
| Liferay | Digital Experience Platform | 7.1 |
| Liferay | Dxp | 7.3 |
Related Weaknesses (CWE)
References
- https://issues.liferay.com/browse/LPE-17403Vendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
- https://issues.liferay.com/browse/LPE-17403Vendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
FAQ
What is CVE-2022-42110?
CVE-2022-42110 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pac...
How severe is CVE-2022-42110?
CVE-2022-42110 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42110?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Liferay Digital Experience Platform, Liferay Dxp.