CVE-2022-26597

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.0 through 7.4.0 Liferay DXP 7.3 before service pack 3

Description A cross-site scripting (XSS) issue exists in the Layout module's Open Graph integration, allowing remote attackers to inject arbitrary web script or HTML via the site name. This enables attackers to potentially execute malicious scripts on the victim's browser.

Recommendations For Liferay Portal versions 7.3.0 through 7.4.0, consider updating to a version outside of this range or applying a service pack that includes the fix for this issue. For Liferay DXP 7.3 before service pack 3, apply service pack 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Layout module's Open Graph integration until a patch is available.