CVE-2022-28979: XSS
First published: Wed Sep 21 2022(Updated: )
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | =7.1 | |
| Liferay 7.4 GA | =7.1-fix_pack_1 | |
| Liferay 7.4 GA | =7.1-fix_pack_10 | |
| Liferay 7.4 GA | =7.1-fix_pack_11 | |
| Liferay 7.4 GA | =7.1-fix_pack_12 | |
| Liferay 7.4 GA | =7.1-fix_pack_13 | |
| Liferay 7.4 GA | =7.1-fix_pack_14 | |
| Liferay 7.4 GA | =7.1-fix_pack_15 | |
| Liferay 7.4 GA | =7.1-fix_pack_16 | |
| Liferay 7.4 GA | =7.1-fix_pack_17 | |
| Liferay 7.4 GA | =7.1-fix_pack_18 | |
| Liferay 7.4 GA | =7.1-fix_pack_19 | |
| Liferay 7.4 GA | =7.1-fix_pack_2 | |
| Liferay 7.4 GA | =7.1-fix_pack_20 | |
| Liferay 7.4 GA | =7.1-fix_pack_21 | |
| Liferay 7.4 GA | =7.1-fix_pack_22 | |
| Liferay 7.4 GA | =7.1-fix_pack_23 | |
| Liferay 7.4 GA | =7.1-fix_pack_24 | |
| Liferay 7.4 GA | =7.1-fix_pack_25 | |
| Liferay 7.4 GA | =7.1-fix_pack_3 | |
| Liferay 7.4 GA | =7.1-fix_pack_4 | |
| Liferay 7.4 GA | =7.1-fix_pack_5 | |
| Liferay 7.4 GA | =7.1-fix_pack_6 | |
| Liferay 7.4 GA | =7.1-fix_pack_7 | |
| Liferay 7.4 GA | =7.1-fix_pack_8 | |
| Liferay 7.4 GA | =7.1-fix_pack_9 | |
| Liferay 7.4 GA | =7.2 | |
| Liferay 7.4 GA | =7.2-fix_pack_1 | |
| Liferay 7.4 GA | =7.2-fix_pack_10 | |
| Liferay 7.4 GA | =7.2-fix_pack_11 | |
| Liferay 7.4 GA | =7.2-fix_pack_12 | |
| Liferay 7.4 GA | =7.2-fix_pack_13 | |
| Liferay 7.4 GA | =7.2-fix_pack_14 | |
| Liferay 7.4 GA | =7.2-fix_pack_2 | |
| Liferay 7.4 GA | =7.2-fix_pack_3 | |
| Liferay 7.4 GA | =7.2-fix_pack_4 | |
| Liferay 7.4 GA | =7.2-fix_pack_5 | |
| Liferay 7.4 GA | =7.2-fix_pack_6 | |
| Liferay 7.4 GA | =7.2-fix_pack_7 | |
| Liferay 7.4 GA | =7.2-fix_pack_8 | |
| Liferay 7.4 GA | =7.2-fix_pack_9 | |
| Liferay 7.4 GA | =7.3 | |
| Liferay 7.4 GA | =7.3-sp1 | |
| Liferay 7.4 GA | =7.3-sp2 | |
| Liferay 7.4 GA | =7.3-sp3 | |
| Liferay 7.4 GA | >=7.1.0<7.4.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-28979?
The severity of CVE-2022-28979 is medium.
What is the affected software of CVE-2022-28979?
The affected software of CVE-2022-28979 is Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3.
How do I fix CVE-2022-28979?
To fix CVE-2022-28979, it is recommended to apply the relevant fix pack or service pack provided by Liferay.
What is the Common Weakness Enumeration (CWE) of CVE-2022-28979?
The Common Weakness Enumeration (CWE) of CVE-2022-28979 is CWE-79 (Cross-Site Scripting).
Where can I find more information about CVE-2022-28979?
You can find more information about CVE-2022-28979 on the official Liferay website, the Liferay issue tracker, and the Liferay security vulnerabilities page.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/liferay
- canonical/liferay 7.4 ga
- version/liferay 7.4 ga/7.1
- version/liferay 7.4 ga/7.1-fix_pack_1
- version/liferay 7.4 ga/7.1-fix_pack_10
- version/liferay 7.4 ga/7.1-fix_pack_11
- version/liferay 7.4 ga/7.1-fix_pack_12
- version/liferay 7.4 ga/7.1-fix_pack_13
- version/liferay 7.4 ga/7.1-fix_pack_14
- version/liferay 7.4 ga/7.1-fix_pack_15
- version/liferay 7.4 ga/7.1-fix_pack_16
- version/liferay 7.4 ga/7.1-fix_pack_17
- version/liferay 7.4 ga/7.1-fix_pack_18
- version/liferay 7.4 ga/7.1-fix_pack_19
- version/liferay 7.4 ga/7.1-fix_pack_2
- version/liferay 7.4 ga/7.1-fix_pack_20
- version/liferay 7.4 ga/7.1-fix_pack_21
- version/liferay 7.4 ga/7.1-fix_pack_22
- version/liferay 7.4 ga/7.1-fix_pack_23
- version/liferay 7.4 ga/7.1-fix_pack_24
- version/liferay 7.4 ga/7.1-fix_pack_25
- version/liferay 7.4 ga/7.1-fix_pack_3
- version/liferay 7.4 ga/7.1-fix_pack_4
- version/liferay 7.4 ga/7.1-fix_pack_5
- version/liferay 7.4 ga/7.1-fix_pack_6
- version/liferay 7.4 ga/7.1-fix_pack_7
- version/liferay 7.4 ga/7.1-fix_pack_8
- version/liferay 7.4 ga/7.1-fix_pack_9
- version/liferay 7.4 ga/7.2
- version/liferay 7.4 ga/7.2-fix_pack_1
- version/liferay 7.4 ga/7.2-fix_pack_10
- version/liferay 7.4 ga/7.2-fix_pack_11
- version/liferay 7.4 ga/7.2-fix_pack_12
- version/liferay 7.4 ga/7.2-fix_pack_13
- version/liferay 7.4 ga/7.2-fix_pack_14
- version/liferay 7.4 ga/7.2-fix_pack_2
- version/liferay 7.4 ga/7.2-fix_pack_3
- version/liferay 7.4 ga/7.2-fix_pack_4
- version/liferay 7.4 ga/7.2-fix_pack_5
- version/liferay 7.4 ga/7.2-fix_pack_6
- version/liferay 7.4 ga/7.2-fix_pack_7
- version/liferay 7.4 ga/7.2-fix_pack_8
- version/liferay 7.4 ga/7.2-fix_pack_9
- version/liferay 7.4 ga/7.3
- version/liferay 7.4 ga/7.3-sp1
- version/liferay 7.4 ga/7.3-sp2
- version/liferay 7.4 ga/7.3-sp3
- version/liferay 7.4 ga/7.1.0