Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T05:03:32.874Z

Reserved: 2022-03-07T00:00:00

Link: CVE-2022-26594

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-15T16:15:07.820

Modified: 2024-11-21T06:54:10.950

Link: CVE-2022-26594

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.