1+ {
2+ "schema_version" : " 1.4.0"
3+ "id" : " GHSA-g6r2-6x46-jpp6"
4+ "modified" : " 2025-07-16T19:22:16Z"
5+ "published" : " 2022-10-19T12:00:23Z"
6+ "aliases" : [
7+ " CVE-2022-42117"
8+ ],
9+ "summary" : " Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module"
10+ "details" : " A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal (7.3.2 through 7.4.3.16), and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML."
11+ "severity" : [
12+ {
13+ "type" : " CVSS_V3"
14+ "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " Maven"
21+ "name" : " com.liferay:com.liferay.frontend.taglib.clay"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM"
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "fixed" : " 9.1.7"
32+ }
33+ ]
34+ }
35+ ]
36+ },
37+ {
38+ "package" : {
39+ "ecosystem" : " Maven"
40+ "name" : " com.liferay.portal:release.dxp.bom"
41+ },
42+ "ranges" : [
43+ {
44+ "type" : " ECOSYSTEM"
45+ "events" : [
46+ {
47+ "introduced" : " 7.3.0"
48+ },
49+ {
50+ "fixed" : " 7.3.10.u6"
51+ }
52+ ]
53+ }
54+ ]
55+ },
56+ {
57+ "package" : {
58+ "ecosystem" : " Maven"
59+ "name" : " com.liferay.portal:release.dxp.bom"
60+ },
61+ "ranges" : [
62+ {
63+ "type" : " ECOSYSTEM"
64+ "events" : [
65+ {
66+ "introduced" : " 7.4.0"
67+ },
68+ {
69+ "fixed" : " 7.4.13.u17"
70+ }
71+ ]
72+ }
73+ ]
74+ }
75+ ],
76+ "references" : [
77+ {
78+ "type" : " ADVISORY"
79+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2022-42117"
80+ },
81+ {
82+ "type" : " WEB"
83+ "url" : " https://github.com/liferay/liferay-portal/commit/a0d25a757f002c39d02b93938bc11feb3b0de6f6"
84+ },
85+ {
86+ "type" : " PACKAGE"
87+ "url" : " https://github.com/liferay/liferay-portal"
88+ },
89+ {
90+ "type" : " WEB"
91+ "url" : " https://liferay.atlassian.net/browse/LPE-17497"
92+ },
93+ {
94+ "type" : " WEB"
95+ "url" : " https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42117?p_r_p_assetEntryId=121613244&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613244%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"
96+ },
97+ {
98+ "type" : " WEB"
99+ "url" : " https://web.archive.org/web/20221205223431/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117"
100+ },
101+ {
102+ "type" : " WEB"
103+ "url" : " http://liferay.com"
104+ }
105+ ],
106+ "database_specific" : {
107+ "cwe_ids" : [
108+ " CWE-79"
109+ ],
110+ "severity" : " MODERATE"
111+ "github_reviewed" : true ,
112+ "github_reviewed_at" : " 2025-07-16T19:22:16Z"
113+ "nvd_published_at" : " 2022-10-18T21:15:00Z"
114+ }
115+ }
0 commit comments