Liferay DXP 7.4 Update 35

CPE Details

Liferay DXP 7.4 Update 35
liferay
dxp
7.4
2022-09-26
13h29 +00:00
2022-11-04
17h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:*

Informations

Vendor

liferay

Product

dxp

Version

7.4

Update

update_35

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-42113 2022-10-17 22h00 +00:00 A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
6.1
Medium
CVE-2022-42114 2022-10-17 22h00 +00:00 A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
5.4
Medium
CVE-2022-38512 2022-09-21 22h17 +00:00 The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.