First published: Mon Nov 14 2022(Updated: )
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Liferay Portal | >=7.1.0<=7.4.2 | |
Liferay DXP | =7.1 | |
Liferay DXP | =7.1-fix_pack_1 | |
Liferay DXP | =7.1-fix_pack_10 | |
Liferay DXP | =7.1-fix_pack_11 | |
Liferay DXP | =7.1-fix_pack_12 | |
Liferay DXP | =7.1-fix_pack_13 | |
Liferay DXP | =7.1-fix_pack_14 | |
Liferay DXP | =7.1-fix_pack_15 | |
Liferay DXP | =7.1-fix_pack_16 | |
Liferay DXP | =7.1-fix_pack_17 | |
Liferay DXP | =7.1-fix_pack_18 | |
Liferay DXP | =7.1-fix_pack_19 | |
Liferay DXP | =7.1-fix_pack_2 | |
Liferay DXP | =7.1-fix_pack_20 | |
Liferay DXP | =7.1-fix_pack_21 | |
Liferay DXP | =7.1-fix_pack_22 | |
Liferay DXP | =7.1-fix_pack_23 | |
Liferay DXP | =7.1-fix_pack_24 | |
Liferay DXP | =7.1-fix_pack_25 | |
Liferay DXP | =7.1-fix_pack_3 | |
Liferay DXP | =7.1-fix_pack_4 | |
Liferay DXP | =7.1-fix_pack_5 | |
Liferay DXP | =7.1-fix_pack_6 | |
Liferay DXP | =7.1-fix_pack_7 | |
Liferay DXP | =7.1-fix_pack_8 | |
Liferay DXP | =7.1-fix_pack_9 | |
Liferay DXP | =7.2 | |
Liferay DXP | =7.2-fix_pack_1 | |
Liferay DXP | =7.2-fix_pack_10 | |
Liferay DXP | =7.2-fix_pack_11 | |
Liferay DXP | =7.2-fix_pack_12 | |
Liferay DXP | =7.2-fix_pack_13 | |
Liferay DXP | =7.2-fix_pack_14 | |
Liferay DXP | =7.2-fix_pack_15 | |
Liferay DXP | =7.2-fix_pack_2 | |
Liferay DXP | =7.2-fix_pack_3 | |
Liferay DXP | =7.2-fix_pack_4 | |
Liferay DXP | =7.2-fix_pack_5 | |
Liferay DXP | =7.2-fix_pack_6 | |
Liferay DXP | =7.2-fix_pack_7 | |
Liferay DXP | =7.2-fix_pack_8 | |
Liferay DXP | =7.2-fix_pack_9 | |
Liferay DXP | =7.3 | |
Liferay DXP | =7.3-sp1 | |
Liferay DXP | =7.3-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-42110 is a Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.
CVE-2022-42110 has a severity level of medium with a CVSS score of 6.1.
CVE-2022-42110 affects Liferay Portal versions 7.1.0 through 7.4.2, Liferay DXP versions 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.
Remote attackers can exploit CVE-2022-42110 by injecting arbitrary web script or HTML using a Cross-site scripting (XSS) attack on the Announcements module in Liferay Portal and Liferay DXP.
Yes, fixes are available for CVE-2022-42110. For Liferay Portal, upgrade to version 7.4.3 or apply the necessary fix pack. For Liferay DXP, upgrade to the corresponding fix pack or service pack depending on the version.