CVE-2022-42115

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.4 through 7.4.3.36

Description A cross-site scripting issue exists in the Object module's edit object details page, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field.

Recommendations For versions 7.4.3.4 through 7.4.3.36, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Object module's edit object details page to minimize the risk of exploitation. Avoid using the Label text field in the object field until the issue is resolved.