PT-2022-19340 · Liferay · Liferay Portal, Liferay DXP

Published: 2022-09-22 · Updated: 2022-09-26 · CVE-2022-28980

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal version 7.4.3.4
Liferay DXP version 7.4 GA

Description

The issue allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations

For Liferay Portal version 7.4.3.4, update to a version that includes the fix for this issue.
For Liferay DXP version 7.4 GA, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to parameters with the filter prefix to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-28980
GHSA-8MP9-W7GR-PVJ3

Affected Products

Liferay DXP
Liferay Portal