cbcvebase.
CVE-2022-26596
published 2022-04-25

CVE-2022-26596: Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.

Affected

4 ranges
VendorProductVersion rangeFixed in
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydigital_experience_platform
liferayliferay_portal7.1.0 – 7.3.3