A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Sat, 10 May 2025 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-05-10T02:43:03.094Z
Reserved: 2022-10-03T00:00:00.000Z
Link: CVE-2022-42113

Updated: 2024-08-03T13:03:45.182Z

Status : Modified
Published: 2022-10-18T21:15:16.247
Modified: 2025-05-10T03:15:21.667
Link: CVE-2022-42113

No data.

No data.