Security Advisory

CVE-2022-42116

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-18 00:00:00

Last updated 2025-05-13 14:39:12

Assigner mitre

State PUBLISHED

Description

A Cross-site scripting (XSS) vulnerability in the Frontend Editor modules integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

← Browse all CVEs View on cve.org ↗