CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.9%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-38901

Liferay » Dxp » Version: 7.0

cpe:2.3:a:liferay:dxp:7.0
Liferay » Dxp » Version: 7.1

cpe:2.3:a:liferay:dxp:7.1
Liferay » Dxp » Version: 7.2

cpe:2.3:a:liferay:dxp:7.2
Liferay » Dxp » Version: 7.3

cpe:2.3:a:liferay:dxp:7.3
Liferay » Dxp » Version: 7.4

cpe:2.3:a:liferay:dxp:7.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5
Liferay » Liferay Portal » Version: 7.3.6

cpe:2.3:a:liferay:liferay_portal:7.3.6
Liferay » Liferay Portal » Version: 7.3.7

cpe:2.3:a:liferay:liferay_portal:7.3.7
Liferay » Liferay Portal » Version: 7.4.0

cpe:2.3:a:liferay:liferay_portal:7.4.0
Liferay » Liferay Portal » Version: 7.4.1

cpe:2.3:a:liferay:liferay_portal:7.4.1
Liferay » Liferay Portal » Version: 7.4.2

cpe:2.3:a:liferay:liferay_portal:7.4.2
Liferay » Liferay Portal » Version: 7.4.3.10

cpe:2.3:a:liferay:liferay_portal:7.4.3.10
Liferay » Liferay Portal » Version: 7.4.3.11

cpe:2.3:a:liferay:liferay_portal:7.4.3.11
Liferay » Liferay Portal » Version: 7.4.3.12

cpe:2.3:a:liferay:liferay_portal:7.4.3.12
Liferay » Liferay Portal » Version: 7.4.3.13

cpe:2.3:a:liferay:liferay_portal:7.4.3.13
Liferay » Liferay Portal » Version: 7.4.3.14

cpe:2.3:a:liferay:liferay_portal:7.4.3.14
Liferay » Liferay Portal » Version: 7.4.3.15

cpe:2.3:a:liferay:liferay_portal:7.4.3.15
Liferay » Liferay Portal » Version: 7.4.3.16

cpe:2.3:a:liferay:liferay_portal:7.4.3.16
Liferay » Liferay Portal » Version: 7.4.3.17

cpe:2.3:a:liferay:liferay_portal:7.4.3.17
Liferay » Liferay Portal » Version: 7.4.3.18

cpe:2.3:a:liferay:liferay_portal:7.4.3.18
Liferay » Liferay Portal » Version: 7.4.3.19

cpe:2.3:a:liferay:liferay_portal:7.4.3.19
Liferay » Liferay Portal » Version: 7.4.3.20

cpe:2.3:a:liferay:liferay_portal:7.4.3.20
Liferay » Liferay Portal » Version: 7.4.3.21

cpe:2.3:a:liferay:liferay_portal:7.4.3.21
Liferay » Liferay Portal » Version: 7.4.3.22

cpe:2.3:a:liferay:liferay_portal:7.4.3.22
Liferay » Liferay Portal » Version: 7.4.3.23

cpe:2.3:a:liferay:liferay_portal:7.4.3.23
Liferay » Liferay Portal » Version: 7.4.3.24

cpe:2.3:a:liferay:liferay_portal:7.4.3.24
Liferay » Liferay Portal » Version: 7.4.3.25

cpe:2.3:a:liferay:liferay_portal:7.4.3.25
Liferay » Liferay Portal » Version: 7.4.3.26

cpe:2.3:a:liferay:liferay_portal:7.4.3.26
Liferay » Liferay Portal » Version: 7.4.3.27

cpe:2.3:a:liferay:liferay_portal:7.4.3.27
Liferay » Liferay Portal » Version: 7.4.3.28

cpe:2.3:a:liferay:liferay_portal:7.4.3.28
Liferay » Liferay Portal » Version: 7.4.3.4

cpe:2.3:a:liferay:liferay_portal:7.4.3.4
Liferay » Liferay Portal » Version: 7.4.3.5

cpe:2.3:a:liferay:liferay_portal:7.4.3.5
Liferay » Liferay Portal » Version: 7.4.3.6

cpe:2.3:a:liferay:liferay_portal:7.4.3.6
Liferay » Liferay Portal » Version: 7.4.3.7

cpe:2.3:a:liferay:liferay_portal:7.4.3.7
Liferay » Liferay Portal » Version: 7.4.3.8

cpe:2.3:a:liferay:liferay_portal:7.4.3.8
Liferay » Liferay Portal » Version: 7.4.3.9

cpe:2.3:a:liferay:liferay_portal:7.4.3.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38901

Products

Pricing

Contact Us