A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Sat, 10 May 2025 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-05-10T02:41:17.822Z
Reserved: 2022-10-03T00:00:00.000Z
Link: CVE-2022-42114

Updated: 2024-08-03T13:03:44.095Z

Status : Modified
Published: 2022-10-18T21:15:16.287
Modified: 2025-05-10T03:15:21.827
Link: CVE-2022-42114

No data.

No data.