First published: Mon Apr 25 2022(Updated: )
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | <7.3 | |
Liferay Digital Experience Platform | =7.3 | |
Liferay Digital Experience Platform | =7.3-fix_pack_1 | |
Liferay Digital Experience Platform | =7.3-fix_pack_2 | |
Liferay Liferay Portal | >=7.3.0<=7.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID of this vulnerability is CVE-2022-26597.
The severity level of CVE-2022-26597 is medium.
CVE-2022-26597 affects Liferay Portal 7.3.0 through 7.4.0 and Liferay DXP 7.3 before service pack 3.
With CVE-2022-26597, remote attackers can inject arbitrary web script or HTML via the site name.
Yes, a fix is available for CVE-2022-26597. Please refer to the official website of Liferay for more information.