First published: Tue Oct 18 2022(Updated: )
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | <7.4 | |
Liferay DXP | =7.4-ga1 | |
Liferay DXP | =7.4-update_1 | |
Liferay DXP | =7.4-update_10 | |
Liferay DXP | =7.4-update_11 | |
Liferay DXP | =7.4-update_12 | |
Liferay DXP | =7.4-update_13 | |
Liferay DXP | =7.4-update_14 | |
Liferay DXP | =7.4-update_15 | |
Liferay DXP | =7.4-update_16 | |
Liferay DXP | =7.4-update_17 | |
Liferay DXP | =7.4-update_18 | |
Liferay DXP | =7.4-update_19 | |
Liferay DXP | =7.4-update_2 | |
Liferay DXP | =7.4-update_20 | |
Liferay DXP | =7.4-update_21 | |
Liferay DXP | =7.4-update_22 | |
Liferay DXP | =7.4-update_23 | |
Liferay DXP | =7.4-update_24 | |
Liferay DXP | =7.4-update_25 | |
Liferay DXP | =7.4-update_26 | |
Liferay DXP | =7.4-update_27 | |
Liferay DXP | =7.4-update_28 | |
Liferay DXP | =7.4-update_29 | |
Liferay DXP | =7.4-update_3 | |
Liferay DXP | =7.4-update_30 | |
Liferay DXP | =7.4-update_31 | |
Liferay DXP | =7.4-update_32 | |
Liferay DXP | =7.4-update_33 | |
Liferay DXP | =7.4-update_34 | |
Liferay DXP | =7.4-update_35 | |
Liferay DXP | =7.4-update_36 | |
Liferay DXP | =7.4-update_4 | |
Liferay DXP | =7.4-update_5 | |
Liferay DXP | =7.4-update_6 | |
Liferay DXP | =7.4-update_7 | |
Liferay DXP | =7.4-update_8 | |
Liferay DXP | =7.4-update_9 | |
Liferay Liferay Portal | >=7.4.0<7.4.3.37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-42114 is a Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37.
CVE-2022-42114 affects Liferay DXP versions 7.4.0 through 7.4.3.36 before update 37.
The severity of CVE-2022-42114 is medium with a CVSS score of 5.4.
Remote attackers can exploit CVE-2022-42114 by injecting arbitrary web script or HTML through the Role module's edit role assignees page.
Yes, the fix for CVE-2022-42114 is to update Liferay Portal or Liferay DXP to version 7.4.3.37 or apply the appropriate security patch.