CVE-2022-38902

Published Oct 13, 2022

Last updated 2 years ago

CVSS medium 5.4

Overview

Description: A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3A5ADE1-4743-4A78-9FCC-CEB857012A5B"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B420A18-5C8B-470F-9189-C84F8DAA74D5"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7A399C4-6D4B-438C-9BAE-2893E457028A"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CBACD88-B4F8-4496-9706-C666768AC9B9"
          },
          {
            "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "510C440D-8B79-4685-8105-7A21A77CFC61"
          },
          {
            "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52877E3A-4E07-4B14-BABC-B70266FEFEDE",
            "versionEndIncluding": "7.4.0",
            "versionStartIncluding": "7.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References