CVE-2022-42116

Source
https://cve.org/CVERecord?id=CVE-2022-42116
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42116.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-42116
Aliases
Published
2022-10-18T00:00:00Z
Modified
2026-07-15T01:49:01.785643702Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

Database specific
{
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "introduced": "7.3.2"
                },
                {
                    "fixed": "7.4.3.14"
                },
                {
                    "introduced": "7.3"
                },
                {
                    "introduced": "7.4"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42116.json"
}
References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.3.2"
        },
        {
            "fixed": "7.4.3.15"
        }
    ]
}

Affected versions

7.*
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.4-ga4
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
Other
test-fix-pack-base-7310

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42116.json"