GHSA-cmrw-cgfc-v6x2

Source

https://github.com/advisories/GHSA-cmrw-cgfc-v6x2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-cmrw-cgfc-v6x2/GHSA-cmrw-cgfc-v6x2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cmrw-cgfc-v6x2

Aliases

CVE-2022-42114

Published

2022-10-19T12:00:23Z

Modified

2025-07-16T19:27:19.162941Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module

Details

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Roles Admin Web before 5.0.48 from Liferay Portal (7.4.0 through 7.4.3.36), and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

Database specific

{
    "nvd_published_at": "2022-10-18T21:15:00Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-16T17:50:30Z"
}

References

Affected packages

Maven / com.liferay:com.liferay.roles.admin.web

Package

Name: com.liferay:com.liferay.roles.admin.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.roles.admin.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.48

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.40

1.0.41

1.0.42

1.0.43

1.0.44

1.0.45

1.0.46

1.0.47

1.0.48

1.0.49

1.0.50

1.0.51

1.0.52

1.0.53

1.0.54

1.0.55

1.0.56

1.0.57

1.0.58

1.0.59

1.0.60

1.0.61

1.0.62

1.0.63

1.0.64

1.0.65

1.0.66

1.0.67

1.0.68

1.0.69

1.0.70

1.0.71

1.0.72

1.0.73

1.0.74

1.0.75

1.0.76

1.0.77

1.0.78

1.0.79

1.0.80

1.0.81

1.0.82

1.0.83

1.0.84

1.0.85

1.0.86

1.0.87

1.0.88

1.0.89

1.0.90

1.0.91

1.0.92

1.0.93

1.0.94

1.0.95

1.0.96

1.0.97

1.0.98

1.0.99

1.0.100

1.0.101

1.0.102

1.0.103

1.0.104

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

2.0.55

2.0.56

2.0.57

2.0.58

2.0.59

2.0.60

2.0.61

2.0.62

2.0.63

2.0.64

2.0.65

2.0.66

2.0.67

2.0.68

2.0.69

2.0.70

2.0.71

2.0.72

2.0.73

2.0.74

2.0.75

2.0.76

2.0.77

2.0.78

2.0.79

2.0.80

2.0.81

2.0.82

2.0.83

2.0.84

2.0.85

2.0.86

2.0.87

2.0.88

2.0.89

2.0.90

2.0.91

2.0.92

2.0.93

2.0.94

2.0.95

2.0.96

2.0.97

2.0.98

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.24

3.0.25

3.0.26

3.0.27

3.0.28

3.0.29

3.0.30

3.0.31

3.0.32

3.0.33

3.0.34

3.0.35

3.0.36

3.0.37

3.0.38

3.0.39

3.0.40

3.0.41

3.0.42

3.0.43

3.0.44

3.0.45

3.0.46

3.0.47

3.0.48

3.0.49

3.0.50

3.0.51

3.0.52

3.0.53

3.0.54

3.0.55

3.0.56

3.0.57

3.0.58

3.0.59

3.0.60

3.0.61

3.0.62

3.0.63

3.0.64

3.0.65

3.0.66

3.0.67

3.0.68

3.0.69

3.0.70

3.0.71

3.0.72

3.0.73

3.0.74

3.0.75

3.0.76

3.0.77

3.0.78

3.0.79

3.0.80

3.0.81

3.0.82

3.0.83

3.0.84

3.0.85

3.0.86

3.0.87

3.0.88

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.19

4.0.20

4.0.21

4.0.22

4.0.23

4.0.24

4.0.25

4.0.26

4.0.27

4.0.28

4.0.29

4.0.30

4.0.31

4.0.32

4.0.33

4.0.34

4.0.35

4.0.36

4.0.37

4.0.38

4.0.39

4.0.40

4.0.41

4.0.42

4.0.43

4.0.44

4.0.45

4.0.46

4.0.47

4.0.48

4.0.49

4.0.50

4.0.51

4.0.52

4.0.53

4.0.54

4.0.55

4.0.56

4.0.57

4.0.58

4.0.59

4.0.60

4.0.61

4.0.62

4.0.63

4.0.64

4.0.65

4.0.66

4.0.67

4.0.68

4.0.69

4.0.70

4.0.71

4.0.72

4.0.73

4.0.74

4.0.75

4.0.76

4.0.77

4.0.78

4.0.79

4.0.80

4.0.81

4.0.82

4.0.83

4.0.84

4.0.85

4.0.86

4.0.87

4.0.88

4.0.89

4.0.90

4.0.91

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.40

5.0.41

5.0.42

5.0.43

5.0.44

5.0.45

5.0.46

5.0.47

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.4.0

Fixed

7.4.13.u37

Affected versions

7.*

7.4.10.ep1

7.4.11

7.4.12

7.4.13

7.4.13.u1

7.4.13.u2

7.4.13.u3

7.4.13.u4

7.4.13.u5

7.4.13.u6

7.4.13.u7

7.4.13.u8

7.4.13.u9

7.4.13.u10

7.4.13.u15

7.4.13.u16

7.4.13.u17

7.4.13.u18

7.4.13.u19

7.4.13.u20

7.4.13.u21

7.4.13.u22

7.4.13.u23

7.4.13.u24

7.4.13.u25

7.4.13.u26

7.4.13.u27

7.4.13.u28

7.4.13.u29

7.4.13.u30

7.4.13.u31

7.4.13.u32

7.4.13.u33

7.4.13.u34

7.4.13.u35

7.4.13.u36