CVE-2022-26594

Publication date

2022-04-15 15:50:26

Family

mitre

State

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form fields help text to (1) Forms modules form builder, or (2) App Builder modules object form views form builder.