Security Advisory

CVE-2022-26594

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-15 15:50:26

Last updated 2024-08-03 05:03:32

Assigner mitre

State PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form fields help text to (1) Forms modules form builder, or (2) App Builder modules object form views form builder.

← Browse all CVEs View on cve.org ↗