CVE-2022-42119
MEDIUM 5.4
EPSS 0.64%
Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
Published: 2022/11/15
Modified: 2025/8/8
Description
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects the Commerce module before 4.0.8 from Liferay Portal (7.3.5 through 7.4.2) and Liferay DXP 7.3 before update 8.
Affected packages (2)
- Maven/com.liferay.commerce:com.liferay.commerce.catalog.web: from 0, < 4.0.8
- Maven/com.liferay.portal:release.dxp.bom: >= 7.3.0, < 7.3.10.u8
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-42119
- PATCH: https://github.com/liferay/liferay-portal
- WEB: http://liferay.com
- WEB: https://github.com/liferay/liferay-portal/commit/2e02110747dd5cccb978623545bfa1f3ad0a5602
- WEB: https://issues.liferay.com/browse/LPE-17632
- WEB: https://web.archive.org/web/20221115040019/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42119