CVE-2022-28982 Liferay Portal 7.3.3 through 7.4.2 and DXP 7.3 before SP3 allow attackers to execute arbitrary web scripts or HTML if a payload is injected into the name of a tag.
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to inject arbitrary web script or HTML code into the context of another logged-in user via a crafted payload injected into the name of a tag.
CVE References Severity CVE-2017-9241 A CVSS v3 Severity rating Medium CVE-2017-9242 A CVSS v3 Severity rating Medium CVE-2017-9243 A CVSS v3 Severity rating Medium CVE-2017-9244 A CVSS v3 Severity rating Medium CVE-2017-9245 A CVSS v3 Severity rating Medium CVE-2017-9246 A CVSS v3 Severity rating Medium An information disclosure vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to access sensitive information via a crafted request when the “Email address confirmation” feature is enabled.
CVE-2017-9247 An information disclosure vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to access sensitive information via a crafted request.
CVE-2017-9250 An information disclosure vulnerability in Liferay Portal
^^
Cross-site scripting (XSS) vulnerability^
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to inject arbitrary web script or HTML code into the context of another logged-in user via a crafted payload injected into the name of a tag.
Timeline
Published on: 09/22/2022 00:15:00 UTC
Last modified on: 09/23/2022 14:09:00 UTC