GHSA-ffmm-5ww2-g3q4

Source

https://github.com/advisories/GHSA-ffmm-5ww2-g3q4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-ffmm-5ww2-g3q4/GHSA-ffmm-5ww2-g3q4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ffmm-5ww2-g3q4

Aliases

Published

2022-03-04T00:00:20Z

Modified

2025-07-15T19:27:01.151703Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console

Details

Liferay Server Admin Web before 4.0.12 from Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2025-07-15T18:32:01Z",
    "nvd_published_at": "2022-03-03T00:15:00Z"
}

References

Affected packages

Maven / com.liferay:com.liferay.server.admin.web

Package

Name: com.liferay:com.liferay.server.admin.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.server.admin.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.12

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.40

1.0.41

1.0.42

1.0.43

1.0.44

1.0.45

1.0.46

1.0.47

1.0.48

1.0.49

1.0.50

1.0.51

1.0.52

1.0.53

1.0.54

1.0.55

1.0.56

1.0.57

1.0.58

1.0.59

1.0.60

1.0.61

1.0.62

1.0.63

1.0.64

1.0.65

1.0.66

1.0.67

1.0.68

1.0.69

1.0.70

1.0.71

1.0.72

1.0.73

1.0.74

1.0.75

1.0.76

1.0.77

1.0.78

1.0.79

1.0.80

1.0.81

1.0.82

1.0.83

1.0.84

1.0.85

1.0.86

1.0.87

1.0.88

1.0.89

1.0.90

1.0.91

1.0.92

1.0.93

1.0.94

1.0.95

1.0.96

1.0.97

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

2.0.55

2.0.56

2.0.57

2.0.58

2.0.59

2.0.60

2.0.61

2.0.62

2.0.63

2.0.64

2.0.65

2.0.66

2.0.67

2.0.68

2.0.69

2.0.70

2.0.71

2.0.72

2.0.73

2.0.74

2.0.75

2.0.76

2.0.77

2.0.78

2.0.79

2.0.80

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.24

3.0.25

3.0.26

3.0.27

3.0.28

3.0.29

3.0.30

3.0.31

3.0.32

3.0.33

3.0.34

3.0.35

3.0.36

3.0.37

3.0.38

3.0.39

3.0.40

3.0.41

3.0.42

3.0.43

3.0.44

3.0.45

3.0.46

3.0.47

3.0.48

3.0.49

3.0.50

3.0.51

3.0.52

3.0.53

3.0.54

3.0.55

3.0.56

3.0.57

3.0.58

3.0.59

3.0.60

3.0.61

3.0.62

3.0.63

3.0.64

3.0.65

3.0.66

3.0.67

3.0.68

3.0.69

3.0.70

3.0.71

3.0.72

3.0.73

3.0.74

3.0.75

3.0.76

3.0.77

3.0.78

3.0.79

3.0.80

3.0.81

3.0.82

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

7.0