First published: Wed Sep 21 2022
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.3 | |
Liferay DXP | =7.3-sp1 | |
Liferay DXP | =7.3-sp2 | |
Liferay DXP | =7.3-sp3 | |
Liferay Portal | >=7.3.3 <7.4.3.4 | |
CVE-2022-28982 is a cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP that allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-28982 impacts Liferay Portal versions 7.3.3 through 7.4.2 and Liferay DXP versions 7.3 before service pack 3.
The severity of CVE-2022-28982 is 6.1 (Medium).
An attacker can exploit CVE-2022-28982 by injecting a crafted payload into the name of a tag, allowing them to execute arbitrary web scripts or HTML.
References for CVE-2022-28982 are available at the following links: [http://liferay.com](http://liferay.com) and [https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28982-reflected-xss-with-tag-name-in-%253Cliferay-asset-asset-tags-selector%253E](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28982-reflected-xss-with-tag-name-in-%253Cliferay-asset-asset-tags-selector%253E).