CVE-2022-42115 – com.liferay:com.liferay.object.web

Package

Manager: maven
Name: com.liferay:com.liferay.object.web
Vulnerable Version: >=0 <1.0.99

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00187 pctl0.40731

Details

Liferay Portal Vulnerable to XSS in the Object Module Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Object Web before 1.0.99 from Liferay Portal (7.4.3.4 through 7.4.3.36) allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.

Metadata

Created: 2022-10-19T12:00:23Z
Modified: 2025-07-16T20:13:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-x43w-xphx-86w3/GHSA-x43w-xphx-86w3.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-x43w-xphx-86w3
Finding: F425
Auto approve: 1