A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
References
Link | Resource |
---|---|
http://liferay.com | Product |
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-10-18 21:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-42113
Mitre link : CVE-2022-42113
CVE.ORG link : CVE-2022-42113
JSON object : View
Products Affected
liferay
- dxp
- liferay_portal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')