GHSA-3vww-jrmm-9vff
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3vww-jrmm-9vff
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-3vww-jrmm-9vff/GHSA-3vww-jrmm-9vff.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3vww-jrmm-9vff
- Aliases
-
- BIT-liferay-2022-26597
- CVE-2022-26597
- Published
- 2022-04-26T00:00:36Z
- Modified
- 2025-07-14T22:26:56.363196Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Liferay Portal and Liferay DXP allows arbitrary injection via the site name
- Details
-
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration before 2.0.4 in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
- Database specific
{ "nvd_published_at": "2022-04-25T16:16:00Z", "github_reviewed": true, "github_reviewed_at": "2025-07-14T21:42:35Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-26597
- https://github.com/liferay/liferay-portal/commit/fd7fc6e186b36944b045e0fdf368e588889c3f02
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-17282
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26597-stored-xss-with-site-name-in-open-graph-integration?p_r_p_assetEntryId=121612214&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612214%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
Affected packages
Maven / com.liferay:com.liferay.layout.seo.web
Package
- Name
- com.liferay:com.liferay.layout.seo.web
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.layout.seo.web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.4
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
1.0.46
1.0.47
1.0.48
1.0.49
1.0.50
1.0.51
1.0.52
1.0.53
1.0.54
1.0.55
1.0.56
1.0.57
1.0.58
1.0.59
1.0.60
1.0.61
1.0.62
1.0.63
1.0.64
1.0.65
1.0.66
1.0.67
1.0.68
1.0.69
1.0.70
2.*
2.0.0
2.0.1
2.0.2
2.0.3
Maven / com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom