CVE-2022-42117

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.2 through 7.4.3.16 Liferay DXP versions 7.3 before update 6, and 7.4 before update 17

Description A Cross-site scripting (XSS) issue in the Frontend Taglib module allows remote attackers to inject arbitrary web script or HTML. This can lead to the execution of malicious code on the client-side.

Recommendations For Liferay Portal versions 7.3.2 through 7.4.3.16, update to a version outside of the affected range. For Liferay DXP version 7.3, apply update 6 or later. For Liferay DXP version 7.4, apply update 17 or later.