CVE-2022-28982

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.3 through 7.4.2 Liferay DXP versions 7.3 before service pack 3

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag. This enables the execution of malicious code on the client-side, potentially leading to unauthorized actions or data exposure.

Recommendations For Liferay Portal versions 7.3.3 through 7.4.2, update to a version outside of this range to mitigate the risk. For Liferay DXP versions 7.3 before service pack 3, apply service pack 3 or later to resolve the issue. As a temporary workaround, consider restricting user input for tag names to minimize the risk of exploitation.