CVE-2022-38902

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38902

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38902.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-38902

Published

2022-10-13T13:15:10Z

Modified

2025-05-15T20:38:25.213763Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0515646c8f638f202d107469cc147172fc7685de

Last affected

29b73b9b896c7d44fb5d1800a402698c303d1cf6

Last affected

3cc350081830d5b3ed7848d769d3985a6bbf0469

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Last affected

6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb

Last affected

77b773677e0fa17b1a869414ad66220245ba96a8

Introduced

b072f5df5544a28677824835b490ce8a867bf133

Last affected

ec84d86679146b84af526f96471a730c340dda78

Last affected

f193301b2848899b008d51513af62a3b3a9b7888

Affected versions

7.*

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3