CVSS: 5.5EPSS: 0%CPEs: 52EXPL: 0CVE-2022-42112
https://notcve.org/view.php?id=CVE-2022-42112
18 Oct 2022 — A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el widget Sort del módulo Portal Search en Liferay Portal versiones 7.2.0 hasta 7.4.3.24, y Liferay DXP 7.2 versiones anteriores a fix pack 19, 7.3 ante... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-42113
https://notcve.org/view.php?id=CVE-2022-42113
18 Oct 2022 — A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo Document Library de Liferay Portal versiones 7.4.3.30 hasta 7.4.3.36, y Liferay DXP versiones 7.4 update 30 hasta update 36, permite a atacantes remotos inyectar script web o HTML arbitrari... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2022-42114
https://notcve.org/view.php?id=CVE-2022-42114
18 Oct 2022 — A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de tipo Cross-site scripting (XSS) en la página de edición de asignados de roles del módulo Role en Liferay Portal versiones 7.4.0 hasta 7.4.3.36, y Liferay DXP versiones 7.4 anteriores a update 37, permite a atacantes remotos inyectar script web o HTML arbitra... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42115
https://notcve.org/view.php?id=CVE-2022-42115
18 Oct 2022 — Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field. Una vulnerabilidad de tipo cross-site scripting (XSS) en la página de edición de detalles de objetos del módulo Object en Liferay Portal 7.4.3.4 hasta 7.4.3.36, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2022-38512
https://notcve.org/view.php?id=CVE-2022-38512
22 Sep 2022 — The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL. El módulo de traducción de Liferay Portal versiones v7.4.3.12 hasta v7.4.3.36, y Liferay DXP versiones 7.4 update 8 hasta 36, no comprueba los permisos antes de permitir a un usuario exportar un contenido web para su tr... • http://liferay.com • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0CVE-2022-39975
https://notcve.org/view.php?id=CVE-2022-39975
21 Sep 2022 — The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. El módulo Layout en Liferay Portal versiones v7.3.3 hasta v7.4.3.34, y Liferay DXP versiones 7.3 anteriores a update 10, y 7.4 anteriores a update 35, no comprueba el permiso del usuario antes de mostrar la vista pre... • http://liferay.com • CWE-862: Missing Authorization •