First published: Tue Apr 19 2022
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset category.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | <7.3 | |
Liferay Digital Experience Platform | =7.3 | |
Liferay Digital Experience Platform | =7.3-fix_pack_2 | |
Liferay Liferay Portal | >=7.3.3<7.3.7 | |
Liferay Liferay Portal | =7.4.0 | |
CVE-2022-26593 is a cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal and Liferay DXP.
The severity of CVE-2022-26593 is medium, with a CVSS score of 5.4.
CVE-2022-26593 affects Liferay Digital Experience Platform 7.3 and earlier versions.
CVE-2022-26593 affects Liferay Portal 7.3.3 through 7.3.7 and Liferay Portal 7.4.0.
To fix CVE-2022-26593, users should apply the necessary patches or updates provided by Liferay.