Headline
CVE-2022-42116: Reflected XSS with name & namespace parameter in integration with CKEditor
A cross-site scripting (XSS) vulnerability in the Frontend Editor module’s integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6 and 7.4 before update 15, allows remote attackers to inject arbitrary web script or HTML via the (1) name or (2) namespace parameter.
Date
Tue, 18 Oct 2022 09:30:00 +0000
Title
CVE-2022-42116 Reflected XSS with name & namespace parameter in integration with CKEditor
Description
A cross-site scripting (XSS) vulnerability in the Frontend Editor module’s integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14 allows remote attackers to inject arbitrary web script or HTML via the (1) name or (2) namespace parameter.
Severity
Severity 2
Notes
There is no patch available for Liferay Portal 7.3 and 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA15 (7.4.3.15) or later.