CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26596

Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2022-26596

Liferay » Digital Experience Platform » Version: 7.0

cpe:2.3:a:liferay:digital_experience_platform:7.0
Liferay » Digital Experience Platform » Version: 7.1

cpe:2.3:a:liferay:digital_experience_platform:7.1
Liferay » Digital Experience Platform » Version: 7.2

cpe:2.3:a:liferay:digital_experience_platform:7.2
Liferay » Liferay Portal » Version: 7.1.0

cpe:2.3:a:liferay:liferay_portal:7.1.0
Liferay » Liferay Portal » Version: 7.1.1

cpe:2.3:a:liferay:liferay_portal:7.1.1
Liferay » Liferay Portal » Version: 7.1.2

cpe:2.3:a:liferay:liferay_portal:7.1.2
Liferay » Liferay Portal » Version: 7.1.3

cpe:2.3:a:liferay:liferay_portal:7.1.3
Liferay » Liferay Portal » Version: 7.2

cpe:2.3:a:liferay:liferay_portal:7.2
Liferay » Liferay Portal » Version: 7.2.0

cpe:2.3:a:liferay:liferay_portal:7.2.0
Liferay » Liferay Portal » Version: 7.2.1

cpe:2.3:a:liferay:liferay_portal:7.2.1
Liferay » Liferay Portal » Version: 7.3

cpe:2.3:a:liferay:liferay_portal:7.3
Liferay » Liferay Portal » Version: 7.3.0

cpe:2.3:a:liferay:liferay_portal:7.3.0
Liferay » Liferay Portal » Version: 7.3.1

cpe:2.3:a:liferay:liferay_portal:7.3.1
Liferay » Liferay Portal » Version: 7.3.2

cpe:2.3:a:liferay:liferay_portal:7.3.2
Liferay » Liferay Portal » Version: 7.3.3

cpe:2.3:a:liferay:liferay_portal:7.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26596

Products

Pricing

Contact Us