CVE-2022-42113 – com.liferay:com.liferay.document.library.web

Package

Manager: maven
Name: com.liferay:com.liferay.document.library.web
Vulnerable Version: >=0 <6.0.98

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0018 pctl0.3984

Details

Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module A Cross-site scripting (XSS) vulnerability in Document Library module before 6.0.98 from Liferay Portal (7.4.3.30 through 7.4.3.36), and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.

Metadata

Created: 2022-10-19T12:00:23Z
Modified: 2025-07-16T17:55:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-r32w-v775-5952/GHSA-r32w-v775-5952.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-r32w-v775-5952
Finding: F008
Auto approve: 1