CVE-2022-26594

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
15/04/2022
Last modified:
22/04/2022

Description

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* 7.3.5 (including) 7.3.7 (excluding)
cpe:2.3:a:liferay:liferay_portal:7.4.0:*:*:*:*:*:*:*