Cross-site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP

Cross-site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP

CVE-2022-42114 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

Learn more about our Web App Pen Testing.