CVE-2022-28979
published 2022-09-22CVE-2022-28979: Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | dxp | — | — |
| liferay | liferay_portal | >= 7.1.0 < 7.4.3.4 | 7.4.3.4 |