GHSA-658f-xhv4-p978
Suggest an improvement- Source
- https://github.com/advisories/GHSA-658f-xhv4-p978
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-658f-xhv4-p978/GHSA-658f-xhv4-p978.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-658f-xhv4-p978
- Aliases
- Published
- 2022-04-16T00:00:47Z
- Modified
- 2025-07-14T22:27:18.148652Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Liferay Portal and Liferay DXP allows arbitrary injection via form field
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Dynamic Data Mapping Form Field Type before 6.0.11 from Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2022-04-15T16:15:00Z", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2025-07-14T21:45:16Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-26594
- https://github.com/liferay/liferay-portal/commit/7c9348cc59271647cfd192c007d383d80ae9a667
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-17290
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text?p_r_p_assetEntryId=121612173&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612173%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
Affected packages
Maven / com.liferay:com.liferay.dynamic.data.mapping.form.field.type
Package
- Name
- com.liferay:com.liferay.dynamic.data.mapping.form.field.type
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.11
Affected versions
1.*
1.0.0
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.30
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.0.38
3.0.39
3.0.40
3.0.41
3.0.42
3.0.43
3.0.44
3.0.45
3.0.46
3.0.47
3.0.48
3.0.49
3.0.50
3.0.51
3.0.52
3.0.53
3.0.54
3.0.55
3.0.56
3.0.57
3.0.58
3.0.59
3.0.60
3.0.61
3.0.62
3.0.63
3.0.64
3.0.65
3.0.66
3.0.67
3.0.68
3.0.69
3.0.70
3.0.71
3.0.72
3.0.73
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.47
4.0.48
4.0.49
4.0.50
4.0.51
4.0.52
4.0.53
4.0.54
4.0.55
4.0.56
4.0.57
4.0.58
4.0.59
4.0.60
4.0.61
4.0.62
4.0.63
4.0.64
4.0.65
4.0.66
4.0.67
4.0.68
4.0.69
4.0.70
4.0.71
4.0.72
4.0.73
4.0.74
4.0.75
4.0.76
4.0.77
4.0.78
4.0.79
4.0.80
4.0.81
4.0.82
4.0.83
4.0.84
4.0.85
4.0.86
4.0.87
4.0.88
4.0.89
4.0.90
4.0.91
4.0.92
4.0.93
4.0.94
4.0.95
4.0.96
4.0.97
4.0.98
4.0.99
4.0.100
4.0.101
4.0.102
4.0.103
4.0.104
4.0.105
4.0.106
4.0.107
4.0.108
4.0.109
4.0.110
4.0.111
4.0.112
4.0.113
4.0.114
4.0.115
4.0.116
4.0.117
4.0.118
4.0.119
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.0.52
5.0.53
5.0.54
5.0.55
5.0.56
5.0.57
5.0.58
5.0.59
5.0.60
5.0.61
5.0.62
5.0.63
5.0.64
5.0.65
5.0.66
5.0.67
5.0.68
5.0.69
5.0.70
5.0.71
5.0.72
5.0.73
5.0.74
5.0.75
5.0.76
5.0.77
5.0.78
5.0.79
5.0.80
5.0.81
5.0.82
5.0.83
5.0.84
5.0.85
5.0.86
5.0.87
5.0.88
5.0.89
5.0.90
5.0.91
5.0.92
5.0.93
5.0.94
5.0.95
5.0.96
5.0.97
5.0.98
5.0.99
5.0.100
5.0.101
5.0.102
5.0.103
5.0.104
5.0.105
5.0.106
5.0.107
5.0.108
5.0.109
5.0.110
5.0.111
5.0.112
5.0.113
5.0.114
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
Maven / com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom