Headline

CVE-2022-28982: CVE-2022-28982 Reflected XSS with tag name in <liferay-asset:asset-tags-selector> - Liferay Portal - Liferay Faces

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #git

CVE-2022-28982 Reflected XSS with tag name in <liferay-asset:asset-tags-selector>

Date

Mon, 24 Jan 2022 16:00:00 +0000

Title

CVE-2022-28982 Reflected XSS with tag name in

Description

Cross-site scripting (XSS) vulnerability in the <liferay-asset:asset-tags-selector> tag in Liferay Portal 7.3.3 through 7.4.2 allows remote attackers to inject arbitrary web script or HTML via the name of a tag.

Severity

Severity 2

Notes

Liferay Portal 7.4: There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA4 (7.4.3.4)

Liferay Portal 7.3: Source patch for Liferay Portal 7.3.7 GA8 (7.3.7) is available on GitHub. Details for working with source patches can be found on the Patching Liferay Portal page.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago