CVE-2022-42119

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-42119
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42119.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-42119
Aliases
Published
2022-11-15T00:00:00Z
Modified
2026-05-28T04:08:47.454627608Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42119.json",
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "7.3.5"
                },
                {
                    "fixed": "7.4.2"
                },
                {
                    "introduced": "7.3"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
f193301b2848899b008d51513af62a3b3a9b7888
Last affected
75354f3482d7c5edb70f4cd72ed8664ce8079842
Database specific 
{
    "extracted_events": [
        {
            "introduced": "7.3.5"
        },
        {
            "last_affected": "7.4.2"
        }
    ],
    "cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

7.*
7.3.5-ga6
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42119.json"