CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 0CVE-2022-42130
https://notcve.org/view.php?id=CVE-2022-42130
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. El módulo Dynamic Data Mapping en Liferay Portal 7.1.0 a 7.4.3.4 y Liferay DXP 7.1 antes del fixpack 27, 7.2 antes del fixpack 19, 7.3 antes de la actualización 4 y 7.4 GA no comprueba correctamente el permiso de las entradas del formulario, lo que permite usuarios remotos autenticados para ver y acceder a todas las entradas del formulario. • http://liferay.com https://issues.liferay.com/browse/LPE-17447 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130 • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2022-42118
https://notcve.org/view.php?id=CVE-2022-42118
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en el módulo Portal Search en Liferay Portal 7.1.0 hasta 7.4.2 y Liferay DXP 7.1 antes del fix pack 27, 7.2 antes del fix pack 15 y 7.3 antes del service pack 3 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro "etiqueta". • http://liferay.com https://issues.liferay.com/browse/LPE-17342 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-42131
https://notcve.org/view.php?id=CVE-2022-42131
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. Ciertos productos de Liferay se ven afectados por: Falta de Validación de Certificado SSL en los proveedores de datos REST del módulo Dynamic Data Mapping. Esto afecta a Liferay Portal 7.1.0 a 7.4.2 y Liferay DXP 7.1 antes del fix pack 27, 7.2 antes del fix pack 17 y 7.3 antes del service pack 3. • http://liferay.com https://issues.liferay.com/browse/LPE-17377 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131 • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42119
https://notcve.org/view.php?id=CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. Ciertos productos de Liferay son vulnerables a Cross Site Scripting (XSS) a través del módulo Commerce. Esto afecta a Liferay Portal 7.3.5 hasta 7.4.2 y Liferay DXP 7.3 antes de la actualización 8. • http://liferay.com https://issues.liferay.com/browse/LPE-17632 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42126
https://notcve.org/view.php?id=CVE-2022-42126
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. El módulo Asset Libraries en Liferay Portal 7.3.5 a 7.4.3.28, y Liferay DXP 7.3 antes de la actualización 8, y DXP 7.4 antes de la actualización 29 no verifica correctamente los permisos de las librerías de activos, lo que permite a los usuarios remotos autenticados ver las librerías de activos a través de la interfaz de usuario. • http://liferay.com https://issues.liferay.com/browse/LPE-17593 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 •