Vulnerability Description
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Portal | >= 7.3.5, <= 7.4.2 |
| Liferay | Dxp | 7.3 |
Related Weaknesses (CWE)
References
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17632Issue TrackingVendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17632Issue TrackingVendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
FAQ
What is CVE-2022-42119?
CVE-2022-42119 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.
How severe is CVE-2022-42119?
CVE-2022-42119 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42119?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Liferay Dxp.