CVE-2022-42117

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-42117
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42117.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-42117
Aliases
Published
2022-10-18T21:15:16.413Z
Modified
2026-04-10T04:54:00.666101Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4ffdd7225ef4a5fd922703263a3006a741a4d8d0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0515646c8f638f202d107469cc147172fc7685de
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
77b773677e0fa17b1a869414ad66220245ba96a8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4ffdd7225ef4a5fd922703263a3006a741a4d8d0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0515646c8f638f202d107469cc147172fc7685de
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
77b773677e0fa17b1a869414ad66220245ba96a8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f193301b2848899b008d51513af62a3b3a9b7888
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
548f3899675d89749f92b7623d25e27d0c4691c7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
548f3899675d89749f92b7623d25e27d0c4691c7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75354f3482d7c5edb70f4cd72ed8664ce8079842
Introduced
0515646c8f638f202d107469cc147172fc7685de
Last affected
ad25d87862c8d2031396d2909c9add79c23f839e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-sp1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-sp2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-sp3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-update_1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-update_2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-update_3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-update_4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3-update_5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4-ga1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4-update_1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4-update_2"
        },
        {
            "introduced": "7.3.2"
        },
        {
            "last_affected": "7.4.3.16"
        }
    ]
}

Affected versions

6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
7.*
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-m1
7.1.0-m2
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-m2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.16-ga16
7.4.3.4-ga4
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1
Other
test-fix-pack-base-7310

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42117.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_16"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update_9"
            }
        ]
    }
]