GHSA-wjfm-qxg2-q679
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wjfm-qxg2-q679
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-wjfm-qxg2-q679/GHSA-wjfm-qxg2-q679.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wjfm-qxg2-q679
- Aliases
- Published
- 2022-11-15T12:00:16Z
- Modified
- 2025-08-08T21:57:18.829184Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
- Details
-
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects the Commerce module before 4.0.8 from Liferay Portal (7.3.5 through 7.4.2) and Liferay DXP 7.3 before update 8.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-08-08T21:11:36Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2022-11-15T01:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-42119
- https://github.com/liferay/liferay-portal/commit/2e02110747dd5cccb978623545bfa1f3ad0a5602
- https://github.com/liferay/liferay-portal
- https://issues.liferay.com/browse/LPE-17632
- https://web.archive.org/web/20221115040019/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42119
- http://liferay.com
Affected packages
Maven / com.liferay.commerce:com.liferay.commerce.catalog.web
Package
- Name
- com.liferay.commerce:com.liferay.commerce.catalog.web
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.commerce/com.liferay.commerce.catalog.web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.8
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
Maven / com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom