CVE-2022-42112: XSS
First published: Tue Oct 18 2022(Updated: )
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | <7.2 | |
| Liferay 7.4 GA | =7.2 | |
| Liferay 7.4 GA | =7.2-fix_pack_1 | |
| Liferay 7.4 GA | =7.2-fix_pack_10 | |
| Liferay 7.4 GA | =7.2-fix_pack_11 | |
| Liferay 7.4 GA | =7.2-fix_pack_12 | |
| Liferay 7.4 GA | =7.2-fix_pack_13 | |
| Liferay 7.4 GA | =7.2-fix_pack_14 | |
| Liferay 7.4 GA | =7.2-fix_pack_15 | |
| Liferay 7.4 GA | =7.2-fix_pack_18 | |
| Liferay 7.4 GA | =7.2-fix_pack_2 | |
| Liferay 7.4 GA | =7.2-fix_pack_3 | |
| Liferay 7.4 GA | =7.2-fix_pack_4 | |
| Liferay 7.4 GA | =7.2-fix_pack_5 | |
| Liferay 7.4 GA | =7.2-fix_pack_6 | |
| Liferay 7.4 GA | =7.2-fix_pack_7 | |
| Liferay 7.4 GA | =7.2-fix_pack_8 | |
| Liferay 7.4 GA | =7.2-fix_pack_9 | |
| Liferay 7.4 GA | =7.3 | |
| Liferay 7.4 GA | =7.3-sp1 | |
| Liferay 7.4 GA | =7.3-sp2 | |
| Liferay 7.4 GA | =7.3-sp3 | |
| Liferay 7.4 GA | =7.3-update_1 | |
| Liferay 7.4 GA | =7.3-update_2 | |
| Liferay 7.4 GA | =7.3-update_3 | |
| Liferay 7.4 GA | =7.3-update_4 | |
| Liferay 7.4 GA | =7.4-ga1 | |
| Liferay 7.4 GA | =7.4-update_1 | |
| Liferay 7.4 GA | =7.4-update_10 | |
| Liferay 7.4 GA | =7.4-update_11 | |
| Liferay 7.4 GA | =7.4-update_12 | |
| Liferay 7.4 GA | =7.4-update_13 | |
| Liferay 7.4 GA | =7.4-update_14 | |
| Liferay 7.4 GA | =7.4-update_15 | |
| Liferay 7.4 GA | =7.4-update_16 | |
| Liferay 7.4 GA | =7.4-update_17 | |
| Liferay 7.4 GA | =7.4-update_18 | |
| Liferay 7.4 GA | =7.4-update_19 | |
| Liferay 7.4 GA | =7.4-update_2 | |
| Liferay 7.4 GA | =7.4-update_20 | |
| Liferay 7.4 GA | =7.4-update_21 | |
| Liferay 7.4 GA | =7.4-update_22 | |
| Liferay 7.4 GA | =7.4-update_23 | |
| Liferay 7.4 GA | =7.4-update_24 | |
| Liferay 7.4 GA | =7.4-update_3 | |
| Liferay 7.4 GA | =7.4-update_4 | |
| Liferay 7.4 GA | =7.4-update_5 | |
| Liferay 7.4 GA | =7.4-update_6 | |
| Liferay 7.4 GA | =7.4-update_7 | |
| Liferay 7.4 GA | =7.4-update_8 | |
| Liferay 7.4 GA | =7.4-update_9 | |
| Liferay 7.4 GA | >=7.2.0<7.4.3.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-42112?
CVE-2022-42112 is a Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal and Liferay DXP.
How does CVE-2022-42112 impact Liferay Portal and Liferay DXP?
CVE-2022-42112 allows remote attackers to inject arbitrary web script or HTML via a crafted payload, potentially leading to cross-site scripting attacks.
Which versions of Liferay Portal and Liferay DXP are affected by CVE-2022-42112?
Liferay Portal 7.2.0 through 7.4.3.24, Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 are affected by CVE-2022-42112.
How severe is CVE-2022-42112?
CVE-2022-42112 has a severity rating of 5.4, which is considered medium.
Where can I find more information about CVE-2022-42112?
You can find more information about CVE-2022-42112 on the Liferay website and the Liferay DXP security vulnerabilities page.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/liferay
- canonical/liferay 7.4 ga
- version/liferay 7.4 ga/7.2
- version/liferay 7.4 ga/7.2-fix_pack_1
- version/liferay 7.4 ga/7.2-fix_pack_10
- version/liferay 7.4 ga/7.2-fix_pack_11
- version/liferay 7.4 ga/7.2-fix_pack_12
- version/liferay 7.4 ga/7.2-fix_pack_13
- version/liferay 7.4 ga/7.2-fix_pack_14
- version/liferay 7.4 ga/7.2-fix_pack_15
- version/liferay 7.4 ga/7.2-fix_pack_18
- version/liferay 7.4 ga/7.2-fix_pack_2
- version/liferay 7.4 ga/7.2-fix_pack_3
- version/liferay 7.4 ga/7.2-fix_pack_4
- version/liferay 7.4 ga/7.2-fix_pack_5
- version/liferay 7.4 ga/7.2-fix_pack_6
- version/liferay 7.4 ga/7.2-fix_pack_7
- version/liferay 7.4 ga/7.2-fix_pack_8
- version/liferay 7.4 ga/7.2-fix_pack_9
- version/liferay 7.4 ga/7.3
- version/liferay 7.4 ga/7.3-sp1
- version/liferay 7.4 ga/7.3-sp2
- version/liferay 7.4 ga/7.3-sp3
- version/liferay 7.4 ga/7.3-update_1
- version/liferay 7.4 ga/7.3-update_2
- version/liferay 7.4 ga/7.3-update_3
- version/liferay 7.4 ga/7.3-update_4
- version/liferay 7.4 ga/7.4-ga1
- version/liferay 7.4 ga/7.4-update_1
- version/liferay 7.4 ga/7.4-update_10
- version/liferay 7.4 ga/7.4-update_11
- version/liferay 7.4 ga/7.4-update_12
- version/liferay 7.4 ga/7.4-update_13
- version/liferay 7.4 ga/7.4-update_14
- version/liferay 7.4 ga/7.4-update_15
- version/liferay 7.4 ga/7.4-update_16
- version/liferay 7.4 ga/7.4-update_17
- version/liferay 7.4 ga/7.4-update_18
- version/liferay 7.4 ga/7.4-update_19
- version/liferay 7.4 ga/7.4-update_2
- version/liferay 7.4 ga/7.4-update_20
- version/liferay 7.4 ga/7.4-update_21
- version/liferay 7.4 ga/7.4-update_22
- version/liferay 7.4 ga/7.4-update_23
- version/liferay 7.4 ga/7.4-update_24
- version/liferay 7.4 ga/7.4-update_3
- version/liferay 7.4 ga/7.4-update_4
- version/liferay 7.4 ga/7.4-update_5
- version/liferay 7.4 ga/7.4-update_6
- version/liferay 7.4 ga/7.4-update_7
- version/liferay 7.4 ga/7.4-update_8
- version/liferay 7.4 ga/7.4-update_9
- version/liferay 7.4 ga/7.2.0