Description

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2022-42117

Related Vulnerabilities

WordPress Plugin MyLiveChat-Free Live Chat Plugin for WordPress Cross-Site Scripting (2.0.1)

WordPress Plugin SEO Rank Reporter Cross-Site Scripting (2.2.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2550)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.18)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)

Severity

Medium

Classification

CVE-2022-42117 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities