id: CVE-2022-42118 info: name: Liferay Portal - Cross-site Scripting author: ritikchaddha severity: medium description: | A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. remediation: | Update to Liferay Portal 7.4.3+, DXP 7.1 fix pack 27+, DXP 7.2 fix pack 15+, or DXP 7.3 service pack 3+. reference: - https://issues.liferay.com/browse/LPE-17342 - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118 - https://nvd.nist.gov/vuln/detail/CVE-2022-42118 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-42118 cwe-id: CWE-79 epss-score: 0.00117 epss-percentile: 0.45001 cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* metadata: vendor: liferay product: liferay_portal shodan-query: html:"var Liferay" fofa-query: body="var Liferay" tags: cve,cve2022,liferay,xss http: - method: GET path: - "{{BaseURL}}/web/guest/home?p_p_id=com_liferay_portal_search_web_portlet_SearchPortlet&p_p_lifecycle=0&_com_liferay_portal_search_web_portlet_SearchPortlet_keywords=test&_com_liferay_portal_search_web_portlet_SearchPortlet_scope=this-site&_com_liferay_portal_search_web_portlet_SearchPortlet_assetTagNames=" matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - "text/html" - "Liferay Portal" condition: and - type: status status: - 200 # digest: 4b0a00483046022100c4260608f00ce6dcd0ff3834e3d96dfead8169f56d6d8b382321853a7da42b5a022100b9854a9a62243cfcb6e1c2f1345b5136b8fb6dda9c3ada3f7c2fe72b62ac9fa0:922c64590222798bb761d5b6d8e72950