CVE-2022-26593

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-26593
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-26593.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-26593
Aliases
Published
2022-04-19T13:15:08Z
Modified
2025-01-08T09:41:17.526667Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
77b773677e0fa17b1a869414ad66220245ba96a8
Fixed
29b73b9b896c7d44fb5d1800a402698c303d1cf6

Affected versions

7.*

7.3.3-ga4
7.3.4-ga5
7.3.6-ga7

Other

test-fix-pack-base-7310