Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
{
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "7.3.0"
},
{
"fixed": "7.4.0"
},
{
"introduced": "7.3"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/26xxx/CVE-2022-26597.json",
"cna_assigner": "mitre"
}