CVE-2022-42110

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-42110

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42110.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-42110

Published

2022-11-15T00:15:12Z

Modified

2025-05-13T22:05:25.372056Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0515646c8f638f202d107469cc147172fc7685de

Last affected

0ac7dd652f3cac9b7880e6dea92912b2d02dca3a

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Last affected

59148a8775a2b2345694a023683d95b478c483c6

Last affected

75354f3482d7c5edb70f4cd72ed8664ce8079842

Last affected

a3f823cf755fcf3660cd6c2c334840e9596ced9e

Last affected

ded0e9390637985231e962e4ad4cfa4639eabb26

Affected versions

6.*

6.1.0-b1

6.1.0-b2

6.1.0-b3

6.1.0-b4

6.1.0-rc1

6.2.0-b1

6.2.0-b2

6.2.0-m2

6.2.0-m3

6.2.0-m4

6.2.0-m5

6.2.0-m6

7.*

7.0.0-m1

7.0.0-m2

7.0.0-m3

7.0.0-m4

7.0.0-m5

7.1.0-a1

7.1.0-a2

7.1.0-b1

7.1.0-b2

7.1.0-ga1

7.1.0-m1

7.1.0-m2

7.1.0-rc1

7.1.2-ga3

7.2.0-a1

7.2.0-b1

7.2.0-b2

7.2.0-b3

7.2.0-ga1

7.2.0-m2

7.2.0-rc2

7.2.0-rc3

7.2.1-ga2

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

sync-3.*

sync-3.0.0-b1

sync-3.0.1-b2

sync-3.0.10-ga2

sync-3.0.2-b3

sync-3.0.3-b4

sync-3.0.4-b5

sync-3.0.5-b6

sync-3.0.6-b7

sync-3.0.7-b8

sync-3.0.8-b9

sync-3.0.9-ga1

sync-3.1.0-ga1