Vulnerability Details CVE-2022-26594
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://liferay.com
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text
- http://liferay.com
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text
Products affected by CVE-2022-26594
-
cpe:2.3:a:liferay:liferay_portal:7.3.5
-
cpe:2.3:a:liferay:liferay_portal:7.3.6
-
cpe:2.3:a:liferay:liferay_portal:7.4.0