First published: Tue Nov 15 2022(Updated: )
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Liferay Portal | >=7.3.5<=7.4.2 | |
Liferay DXP | =7.3 | |
Liferay DXP | =7.3-update_1 | |
Liferay DXP | =7.3-update_2 | |
Liferay DXP | =7.3-update_3 | |
Liferay DXP | =7.3-update_4 | |
Liferay DXP | =7.3-update_5 | |
Liferay DXP | =7.3-update_6 | |
Liferay DXP | =7.3-update_7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-42119 is medium with a score of 5.4.
CVE-2022-42119 affects Liferay Portal versions 7.3.5 through 7.4.2 and Liferay DXP version 7.3 before update 8.
CVE-2022-42119 is a Cross Site Scripting (XSS) vulnerability.
To fix CVE-2022-42119, it is recommended to update your Liferay Portal or Liferay DXP to the latest version available.
You can find more information about CVE-2022-42119 on the official Liferay website, the Liferay issue tracker, and the Liferay developer portal.