CVE-2022-42111
moderate-risk
Published 2022-11-15
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
Issue Tracking
https://issues.liferay.com/browse/LPE-17379
Issue Tracking
https://issues.liferay.com/browse/LPE-17379
42
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
20/34 · Moderate