fkie_nvd - fkie_cve-2022-42111

fkie_cve-2022-42111

Vulnerability from fkie_nvd

Published

2022-11-15 01:15

Modified

2024-11-21 07:24

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.

References

URL	Tags
cve@mitre.org	https://issues.liferay.com/browse/LPE-17379	Issue Tracking, Vendor Advisory
cve@mitre.org	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42111	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.liferay.com/browse/LPE-17379	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42111	Vendor Advisory

Impacted products

Vendor	Product	Version
liferay	liferay_portal	*
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.3
liferay	dxp	7.3
liferay	dxp	7.3
liferay	dxp	7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8A0D26-A5F7-4228-83B1-92CDA307B5A3",
              "versionEndIncluding": "7.4.2",
              "versionStartIncluding": "7.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
              "matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
              "matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*",
              "matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*",
              "matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*",
              "matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*",
              "matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:*",
              "matchCriteriaId": "74FAF597-EAAD-4BB5-AB99-8129476A7E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
              "matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
              "matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
              "matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
              "matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
              "matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
              "matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
              "matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
              "matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-site scripting (XSS) vulnerability in the Sharing module\u0027s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la notificaci\u00f3n de usuario del m\u00f3dulo Compartir en Liferay Portal 7.2.1 a 7.4.2, y Liferay DXP 7.2 antes del fix pack 19, y 7.3 antes de la actualizaci\u00f3n 4 permite a atacantes remotos inyectar scripts web o HTML arbitrarios compartiendo un activo con un payload manipulado."
    }
  ],
  "id": "CVE-2022-42111",
  "lastModified": "2024-11-21T07:24:22.677",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T01:15:10.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.liferay.com/browse/LPE-17379"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.liferay.com/browse/LPE-17379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42111"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2022-42111

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 13:03