CVE-2022-42111

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.

Una vulnerabilidad de Cross-Site Scripting (XSS) en la notificación de usuario del módulo Compartir en Liferay Portal 7.2.1 a 7.4.2, y Liferay DXP 7.2 antes del fix pack 19, y 7.3 antes de la actualización 4 permite a atacantes remotos inyectar scripts web o HTML arbitrarios compartiendo un activo con un payload manipulado.

*Credits: N/A

CVSS Scores

NISTv3.1 5.4

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-03 CVE Reserved
2022-11-15 CVE Published
2024-06-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://issues.liferay.com/browse/LPE-17379	2022-11-17
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42111	2022-11-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Liferay Search vendor "Liferay"		Liferay Portal Search vendor "Liferay" for product "Liferay Portal"				>= 7.2.1 <= 7.4.2 Search vendor "Liferay" for product "Liferay Portal" and version " >= 7.2.1 <= 7.4.2"		-		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		-		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_1		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_10		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_11		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_12		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_13		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_14		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_15		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_2		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_3		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_4		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_5		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_6		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_7		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_8		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.2 Search vendor "Liferay" for product "Dxp" and version "7.2"		fix_pack_9		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.3 Search vendor "Liferay" for product "Dxp" and version "7.3"		-		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.3 Search vendor "Liferay" for product "Dxp" and version "7.3"		update_1		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.3 Search vendor "Liferay" for product "Dxp" and version "7.3"		update_2		Affected
Liferay Search vendor "Liferay"		Dxp Search vendor "Liferay" for product "Dxp"				7.3 Search vendor "Liferay" for product "Dxp" and version "7.3"		update_3		Affected