Liferay DXP 7.3 Update 6

CPE Details

Liferay DXP 7.3 Update 6
liferay
dxp
7.3
2022-09-23
11h33 +00:00
2022-09-26
13h45 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:liferay:dxp:7.3:update_6:*:*:*:*:*:*

Informations

Vendor

liferay

Product

dxp

Version

7.3

Update

update_6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-42119 2022-11-14 23h00 +00:00 Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.
5.4
Moyen
CVE-2022-42114 2022-10-17 22h00 +00:00 A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
5.4
Moyen
CVE-2022-42117 2022-10-17 22h00 +00:00 A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.
6.1
Moyen
CVE-2022-38902 2022-10-12 22h00 +00:00 A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
5.4
Moyen
CVE-2022-39975 2022-09-21 21h35 +00:00 The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.
4.3
Moyen