PT-2022-26258 · Liferay · Liferay Portal+1
Published: 2022-10-18 · Updated: 2022-10-20
CVE-2022-42113
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions 7.4.3.30 through 7.4.3.36
Liferay DXP 7.4 update 30 through update 36
Description
A Cross-site scripting (XSS) issue in the Document Library module allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. This could potentially lead to unauthorized actions on the affected system.
Recommendations
For Liferay Portal versions 7.4.3.30 through 7.4.3.36, avoid using the `redirect` parameter in the Document Library module until a patch is available.
For Liferay DXP 7.4 update 30 through update 36, restrict access to the Document Library module to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Liferay Dxp
Liferay Portal