First published: Tue Oct 18 2022
A cross-site scripting (XSS) vulnerability in the Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36, allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.4-update_30 | |
Liferay DXP | =7.4-update_31 | |
Liferay DXP | =7.4-update_32 | |
Liferay DXP | =7.4-update_33 | |
Liferay DXP | =7.4-update_34 | |
Liferay DXP | =7.4-update_35 | |
Liferay DXP | =7.4-update_36 | |
Liferay Portal | >=7.4.3.30 <7.4.3.37 | |
CVE-2022-42113 is a Cross-site scripting (XSS) vulnerability in the Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36 and Liferay DXP 7.4 update 30 through update 36.
The severity of CVE-2022-42113 is medium with a score of 6.1.
Liferay Portal versions 7.4.3.30 through 7.4.3.36 and Liferay DXP versions 7.4 update 30 through update 36 are affected by CVE-2022-42113.
CVE-2022-42113 can be exploited by remote attackers injecting arbitrary web script or HTML via the `redirect` parameter in the Document Library module.
Yes, the vulnerability has been fixed in Liferay Portal versions 7.4.3.37 and above, and Liferay DXP versions 7.4 update 37 and above.