cbcvebase.
CVE-2022-26593
published 2022-04-19

CVE-2022-26593: Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.

Affected

4 ranges
VendorProductVersion rangeFixed in
liferaydigital_experience_platform< 7.37.3
liferaydigital_experience_platform
liferayliferay_portal
liferayliferay_portal>= 7.3.3 < 7.3.77.3.7