First published: Thu Sep 22 2022
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.4-ga | |
Liferay Portal | <7.4.3.5 | |
CVE-2022-28980 is a vulnerability in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA that allows attackers to execute arbitrary web scripts or HTML through cross-site scripting (XSS) attacks.
The severity of CVE-2022-28980 is medium, with a CVSS score of 6.1.
CVE-2022-28980 affects Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA, allowing attackers to exploit cross-site scripting vulnerabilities through parameters with the filter_ prefix.
An attacker can exploit CVE-2022-28980 by injecting malicious web scripts or HTML through parameters with the filter_ prefix, potentially leading to the execution of arbitrary web scripts in the browsers of users of vulnerable Liferay Portal or Liferay DXP instances.
A fix for CVE-2022-28980 is available in Liferay Portal v7.4.3.5 and later versions, and in Liferay DXP v7.4 FP18 and later versions.