CVE-2022-26594
published 2022-04-15CVE-2022-26594: Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | liferay_portal | — | — |
| liferay | liferay_portal | >= 7.3.5 < 7.3.7 | 7.3.7 |