CVE-2022-42119

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-42119

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42119.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-42119

Aliases

GHSA-wjfm-qxg2-q679

Published

2022-11-15T01:15:12.587Z

Modified

2025-11-14T14:31:49.387718Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0515646c8f638f202d107469cc147172fc7685de

Last affected

29b73b9b896c7d44fb5d1800a402698c303d1cf6

Last affected

3cc350081830d5b3ed7848d769d3985a6bbf0469

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Last affected

6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb

Introduced

f193301b2848899b008d51513af62a3b3a9b7888

Last affected

75354f3482d7c5edb70f4cd72ed8664ce8079842

Last affected

77b773677e0fa17b1a869414ad66220245ba96a8

Affected versions

7.*

7.3.5-ga6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42119.json"