First published: Tue Oct 18 2022(Updated: )
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | <7.2 | |
Liferay DXP | =7.2 | |
Liferay DXP | =7.2-fix_pack_1 | |
Liferay DXP | =7.2-fix_pack_10 | |
Liferay DXP | =7.2-fix_pack_11 | |
Liferay DXP | =7.2-fix_pack_12 | |
Liferay DXP | =7.2-fix_pack_13 | |
Liferay DXP | =7.2-fix_pack_14 | |
Liferay DXP | =7.2-fix_pack_15 | |
Liferay DXP | =7.2-fix_pack_18 | |
Liferay DXP | =7.2-fix_pack_2 | |
Liferay DXP | =7.2-fix_pack_3 | |
Liferay DXP | =7.2-fix_pack_4 | |
Liferay DXP | =7.2-fix_pack_5 | |
Liferay DXP | =7.2-fix_pack_6 | |
Liferay DXP | =7.2-fix_pack_7 | |
Liferay DXP | =7.2-fix_pack_8 | |
Liferay DXP | =7.2-fix_pack_9 | |
Liferay DXP | =7.3 | |
Liferay DXP | =7.3-sp1 | |
Liferay DXP | =7.3-sp2 | |
Liferay DXP | =7.3-sp3 | |
Liferay DXP | =7.3-update_1 | |
Liferay DXP | =7.3-update_2 | |
Liferay DXP | =7.3-update_3 | |
Liferay DXP | =7.3-update_4 | |
Liferay DXP | =7.4-ga1 | |
Liferay DXP | =7.4-update_1 | |
Liferay DXP | =7.4-update_10 | |
Liferay DXP | =7.4-update_11 | |
Liferay DXP | =7.4-update_12 | |
Liferay DXP | =7.4-update_13 | |
Liferay DXP | =7.4-update_14 | |
Liferay DXP | =7.4-update_15 | |
Liferay DXP | =7.4-update_16 | |
Liferay DXP | =7.4-update_17 | |
Liferay DXP | =7.4-update_18 | |
Liferay DXP | =7.4-update_19 | |
Liferay DXP | =7.4-update_2 | |
Liferay DXP | =7.4-update_20 | |
Liferay DXP | =7.4-update_21 | |
Liferay DXP | =7.4-update_22 | |
Liferay DXP | =7.4-update_23 | |
Liferay DXP | =7.4-update_24 | |
Liferay DXP | =7.4-update_3 | |
Liferay DXP | =7.4-update_4 | |
Liferay DXP | =7.4-update_5 | |
Liferay DXP | =7.4-update_6 | |
Liferay DXP | =7.4-update_7 | |
Liferay DXP | =7.4-update_8 | |
Liferay DXP | =7.4-update_9 | |
Liferay Liferay Portal | >=7.2.0<7.4.3.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-42112 is a Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal and Liferay DXP.
CVE-2022-42112 allows remote attackers to inject arbitrary web script or HTML via a crafted payload, potentially leading to cross-site scripting attacks.
Liferay Portal 7.2.0 through 7.4.3.24, Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 are affected by CVE-2022-42112.
CVE-2022-42112 has a severity rating of 5.4, which is considered medium.
You can find more information about CVE-2022-42112 on the Liferay website and the Liferay DXP security vulnerabilities page.