Headline
CVE-2022-42113: CVE-2022-42113 Reflected XSS with `redirect` in Document & Media - Liferay Portal - Liferay Faces
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVE-2022-42113 Reflected XSS with `redirect` in Document & Media
Date
Tue, 18 Oct 2022 07:56:00 +0000
Title
CVE-2022-42113 Reflected XSS with `redirect` in Document & Media
Description
Cross-site scripting (XSS) vulnerability in Document Library module’s move file interface in Liferay Portal 7.4.3.30 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
Severity
Severity 2
Notes
There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA37 (7.4.3.37) or later.