CVE-2022-28978 (GCVE-0-2022-28978)

Vulnerability from cvelistv5 – Published: 2022-09-21 23:38 – Updated: 2025-05-27 18:52
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:58.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://liferay.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-28978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T18:52:15.479006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T18:52:38.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-21T23:38:59.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://liferay.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://liferay.com",
              "refsource": "MISC",
              "url": "http://liferay.com"
            },
            {
              "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership",
              "refsource": "MISC",
              "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28978",
    "datePublished": "2022-09-21T23:38:59.000Z",
    "dateReserved": "2022-04-11T00:00:00.000Z",
    "dateUpdated": "2025-05-27T18:52:38.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"43A92274-7D88-4F0F-8265-CF862011F27F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_100:*:*:*:*:*:*\", \"matchCriteriaId\": \"410D1A51-448F-4E98-BC20-8AB63E4008A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_101:*:*:*:*:*:*\", \"matchCriteriaId\": \"614C805B-94C4-4486-B791-59DAB1906EB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_13:*:*:*:*:*:*\", \"matchCriteriaId\": \"4874012D-52AA-4C32-95E9-BD331225B4E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_14:*:*:*:*:*:*\", \"matchCriteriaId\": \"21CAF86F-CEC9-44EE-BAF8-0F7AF9D945F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_24:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6C9F29-EEFF-4737-BD50-58572D6C14E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_25:*:*:*:*:*:*\", \"matchCriteriaId\": \"D24E1FA0-BD94-4AFC-92BF-AEDEBC7DCF4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_26:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF9B54EE-973B-44B4-8EA2-B58FA49AC561\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_27:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9637223-557D-474B-A46B-D276866376C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_28:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6306F9C-99DE-4F94-8E7F-6747762BEC45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_30:*:*:*:*:*:*\", \"matchCriteriaId\": \"48B7015C-26B9-453E-B3CF-9B220D3A8024\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_33:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FEB6921-3C45-4B7E-8B34-CDC34984583D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_35:*:*:*:*:*:*\", \"matchCriteriaId\": \"525F45DC-2E5C-46A8-AEDF-9D6B8FA2EB11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_36:*:*:*:*:*:*\", \"matchCriteriaId\": \"55755D0C-4C0C-42D9-BE5E-5D33C8BA4C7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_39:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB4FE0F9-EB19-45D7-A953-674629D951F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_40:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E4B63F-01A9-4F85-92BC-A51F41BE4121\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_41:*:*:*:*:*:*\", \"matchCriteriaId\": \"23BE441D-8770-4F4D-86CD-4E53161F54FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_42:*:*:*:*:*:*\", \"matchCriteriaId\": \"E14FF010-3907-4C79-B945-C792E446CB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_43:*:*:*:*:*:*\", \"matchCriteriaId\": \"B97B5817-B55E-485D-9747-3A50CF7245C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_44:*:*:*:*:*:*\", \"matchCriteriaId\": \"19EBD671-56BD-45D3-9248-DAF3F47B36FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_45:*:*:*:*:*:*\", \"matchCriteriaId\": \"93EDC2A1-9622-44DB-ABA8-754D61B60787\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_46:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4B6A06D-C323-431C-9A65-4FD6A6E4CAB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_47:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE6D4466-1C3A-4D5A-A65C-A30A87EADF1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_48:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F0BC40A-8E13-4665-A2E4-F5815CA70E17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_49:*:*:*:*:*:*\", \"matchCriteriaId\": \"11FB69C3-7755-495A-AB76-201AF4D9623B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_50:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF66F652-6C08-4D47-865D-36E70360B632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_51:*:*:*:*:*:*\", \"matchCriteriaId\": \"17B68D59-0509-4C6A-B803-03A02EB76F1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_52:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F69B287-3B86-4B64-BCB4-40E9495A628D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_53:*:*:*:*:*:*\", \"matchCriteriaId\": \"C627090E-A1BF-4332-9538-EE4E184DB65E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_54:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A089471-9944-4C75-A25F-1F23C18C0CF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_56:*:*:*:*:*:*\", \"matchCriteriaId\": \"B90E7FBF-6B5B-457A-8B20-ECA69A626BB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_57:*:*:*:*:*:*\", \"matchCriteriaId\": \"1975C1AB-EF50-42E2-9879-17FB763B45F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_58:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFB7BB13-773B-47A6-A001-B9EBA46C917E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_59:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C4A2D39-3725-4E80-9F3F-AC1F4EE662E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_60:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAEDF88B-B9C8-4891-B199-A72C066FC7BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_61:*:*:*:*:*:*\", \"matchCriteriaId\": \"F768E1DD-3DC6-4783-82DE-D089C7CD3C63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_64:*:*:*:*:*:*\", \"matchCriteriaId\": \"426EDA92-FE5A-4523-8AAE-1E5D5D67F535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_65:*:*:*:*:*:*\", \"matchCriteriaId\": \"070CB609-6D4B-4817-9F91-00BD62423E56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_66:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEE87846-A4CF-47E5-93AA-5D7E2548D28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_67:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4C11B0E-6D94-4A65-83BE-1E5828710CB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_68:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1DC73B1-4017-424F-A28D-F54F2FA8ED8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_69:*:*:*:*:*:*\", \"matchCriteriaId\": \"32B4FD3C-7BB7-4DA2-9A3A-05A6370B9745\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_70:*:*:*:*:*:*\", \"matchCriteriaId\": \"71293E5B-4DCC-47BC-A493-3540D57E6067\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_71:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A8940B-318E-4C6A-9131-A50E90E82C28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_72:*:*:*:*:*:*\", \"matchCriteriaId\": \"F09B5E82-DC18-4B07-9A05-E433579B4FB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_73:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE25D189-2D6F-4229-BF09-2CEA0A6C5D50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_75:*:*:*:*:*:*\", \"matchCriteriaId\": \"36549BE5-DEDB-408A-BFC9-AB00031D45DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_76:*:*:*:*:*:*\", \"matchCriteriaId\": \"E11B8075-4212-41CB-85AC-09FA1CDB86A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_78:*:*:*:*:*:*\", \"matchCriteriaId\": \"80412DCE-D79F-492A-8788-6A43C4D76D7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_79:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC7A939F-21D1-4AF1-BAB9-E91DFCFFB7A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_80:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F2240FC-EDDC-47F5-B713-07FF2D23CE00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_81:*:*:*:*:*:*\", \"matchCriteriaId\": \"5006AAE4-B154-468A-850C-20171965E2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_82:*:*:*:*:*:*\", \"matchCriteriaId\": \"1541072D-3F14-47A2-8A42-EF2765643AE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_83:*:*:*:*:*:*\", \"matchCriteriaId\": \"2340C85F-0296-4591-8D23-56634C50C5F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_84:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BEC3C5C-DA8C-4620-A38E-BB47D4CB7CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_85:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DD38B1F-7EEA-4DB5-A31B-D84DC33313FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_86:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC923A9E-CF9D-44DE-AB58-7BCAAFDDE7D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_87:*:*:*:*:*:*\", \"matchCriteriaId\": \"65542031-04E1-485F-8102-04CB65865ECE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_88:*:*:*:*:*:*\", \"matchCriteriaId\": \"B36F2FBD-E949-4608-9ECF-0F05DD8E487E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_89:*:*:*:*:*:*\", \"matchCriteriaId\": \"D68832F1-6D71-4A63-AA8A-86C0EDF9F8E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_90:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD1F579A-084C-46A9-ADCA-8F3FA45D85D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_91:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC81C494-F68E-4580-87FB-7792C1080DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_92:*:*:*:*:*:*\", \"matchCriteriaId\": \"6693594D-6731-4223-8C28-4873746B97AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_93:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B96CDC5-F4DE-49A2-B09D-318163EC9A09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_94:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEAE13AF-DEEE-4284-A93D-EFE2647E12FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_95:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EEADDC3-C436-452F-9271-8F30A9D03FE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_96:*:*:*:*:*:*\", \"matchCriteriaId\": \"A775E68D-A18E-433F-A9D0-AB6E71495936\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_97:*:*:*:*:*:*\", \"matchCriteriaId\": \"20CB9AD9-57B1-45E1-B228-EEB4E8615B57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_98:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEAB4602-D612-4568-9579-5FA3840E415A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.0:fix_pack_99:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3BDD320-6142-45BA-A57E-965507A1F76F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2AA7E18-A41B-4F0D-A04F-57C5745D091B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"392B783D-620D-4C71-AAA0-848B16964A27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F5A94E2-22B7-4D2D-A491-29F395E727C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9B10908-C42B-4763-9D47-236506B0E84A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF544435-36AC-49B8-BA50-A6B6D1678BBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D265542-5333-4CCD-90E5-B5F6A55F9863\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:*:*:*:*:*:*\", \"matchCriteriaId\": \"1763CD8B-3ACD-4617-A1CA-B9F77A074977\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:*:*:*:*:*:*\", \"matchCriteriaId\": \"F25C66AA-B60D-413C-A848-51E12D6080AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:*:*:*:*:*:*\", \"matchCriteriaId\": \"071A0D53-EC95-4B18-9FA3-55208B1F7B94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC26A9D4-14D6-46B1-BB00-A2C4386EBCA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:*:*:*:*:*:*\", \"matchCriteriaId\": \"350CDEDA-9A20-4BC3-BEAE-8346CED10CD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_19:*:*:*:*:*:*\", \"matchCriteriaId\": \"10C6107E-79B3-4672-B3E5-8A2FA9A829CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3233D306-3F8E-40A4-B132-7264E63DD131\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_20:*:*:*:*:*:*\", \"matchCriteriaId\": \"A978B14E-96F6-449F-8D8D-8E782A5A3D19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_21:*:*:*:*:*:*\", \"matchCriteriaId\": \"87600A59-7DD1-49F5-A5A5-EA392193C6A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_22:*:*:*:*:*:*\", \"matchCriteriaId\": \"33EB9718-E83C-43F4-AFF9-86A83F6F75A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_23:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7CDDDE5-5E00-41AB-8517-2E5A1427633D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_24:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5B4F901-D5A9-440D-86B4-76B42C833660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_25:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AB262B6-E817-461A-9F05-15B1B37D9019\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EAEA45A-0370-475E-B4CB-395A434DC3A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"39310F05-1DB6-43BA-811C-9CB91D6DCF20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6135B16-C89E-4F49-BA15-823E2AF26D68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC887BEC-915B-44AC-B473-5448B3D8DCF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7A7CC60-C294-41EC-B000-D15AAA93A3D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"022132F8-6E56-4A29-95D6-3B7861D39CDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:*:*:*:*:*:*\", \"matchCriteriaId\": \"651DA9B7-9C11-47A7-AF5C-95625C8FFF6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CAAE1B7-982E-4D50-9651-DEEE6CD74EED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFCF99EC-3384-418D-A419-B9DB607BE371\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7CAAF53-AA8E-48CB-9398-35461BE590C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FB8482E-644B-4DA5-808B-8DBEAB6D8D09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*\", \"matchCriteriaId\": \"95EFE8B5-EE95-4186-AC89-E9AFD8649D01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*\", \"matchCriteriaId\": \"90A6E0AF-0B8A-462D-95EF-2239EEE4A50D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*\", \"matchCriteriaId\": \"48BBAE90-F668-49BF-89AF-2C9547B76836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"31E05134-A0C5-4937-A228-7D0884276B67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F06C4AD-FD20-4345-8386-0895312F0A00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"98CC25E2-EC3D-43A2-8D03-06F0E804EA63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"30933C36-C710-488F-9601-EE1BB749C58A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*\", \"matchCriteriaId\": \"41E94372-A1AE-48B1-82DC-08B7B616473F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*\", \"matchCriteriaId\": \"51FBC8E0-34F8-475C-A1A8-571791CA05F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E73EAEA-FA88-46B9-B9D5-A41603957AD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF9BC654-4E3F-4B40-A6E5-79A818A51BED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"21C55D41-DB66-494D-BEEB-BDAC7CB4B31B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D86CDCC0-9655-477B-83FA-ADDBB5AF43A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CF5B84B-1719-4581-8474-C55CEFFD8305\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.1\", \"versionEndExcluding\": \"7.4.2\", \"matchCriteriaId\": \"48765E9D-CDEE-4648-A15F-404BDB51CABD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo cross-site scripting (XSS) Almacenado en la p\\u00e1gina de administraci\\u00f3n de la membres\\u00eda del usuario del m\\u00f3dulo Site en Liferay Portal versiones 7.0.1 hasta 7.4.1, y Liferay DXP versi\\u00f3n 7.0 versiones anteriores a fix pack 102, 7.1 anteriores a fix pack 26, 7.2 anteriores a fix pack 15, y 7.3 anteriores a service pack 3, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del nombre de un usuario\"}]",
      "id": "CVE-2022-28978",
      "lastModified": "2024-11-21T06:58:16.700",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2022-09-22T00:15:09.603",
      "references": "[{\"url\": \"http://liferay.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://liferay.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28978\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-22T00:15:09.603\",\"lastModified\":\"2025-05-27T19:15:21.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo cross-site scripting (XSS) Almacenado en la p\u00e1gina de administraci\u00f3n de la membres\u00eda del usuario del m\u00f3dulo Site en Liferay Portal versiones 7.0.1 hasta 7.4.1, y Liferay DXP versi\u00f3n 7.0 versiones anteriores a fix pack 102, 7.1 anteriores a fix pack 26, 7.2 anteriores a fix pack 15, y 7.3 anteriores a service pack 3, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del nombre de un usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4614C87F-F39C-4ADD-A7A2-4A498612AD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_100:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C9B7CF8-5553-47B6-BB57-0429D78AE301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_101:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF82A60A-EA50-4409-9A2B-284C35315DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"70E12054-0DEE-4B92-B8F6-7DC4B2461113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B566A51-3EFC-4A08-8A4F-A9AA43FBE481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*\",\"matchCriteriaId\":\"F220793A-FDAC-48C6-B299-39EB3BC077A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*\",\"matchCriteriaId\":\"F095A9E1-5FE1-46C4-B0E1-97F8767439D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD748DD-6FDB-44CD-96BF-026D18CE4207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A34F2EA-D0F7-4C9B-BFE6-DA334DFD0EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3C2426-7617-4535-B86A-7F9BA45DFD0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*\",\"matchCriteriaId\":\"28955834-8E02-4558-ABD3-4958DBB41423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4206C84-C4BD-4363-A4CA-EE229CE06319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F644864-1056-4A0C-ADD7-A1992A0AC07D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E9BAE9-CD40-4353-95DB-7D9ADC338F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*\",\"matchCriteriaId\":\"661E68A2-B365-4962-87CF-CE17A500889F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D28279-002A-4BC7-9396-E47FC842D7AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*\",\"matchCriteriaId\":\"C700ED72-4626-48A0-B1BB-E0A7C12D454F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F473DF1-F70D-4EDB-A011-C8D1C6A21659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2351EAC-F6AD-4611-B9BD-39C4DFE85B5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*\",\"matchCriteriaId\":\"357845C1-3834-465A-B9CA-F9C604AA8242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD35964D-4156-45B8-A0AB-282DA9F4FA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*\",\"matchCriteriaId\":\"35656567-EF24-4948-A72A-C754D6E419B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9A3D95D-4539-432D-B241-376F312534AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F329F1-5BB1-42A7-98CE-B0EB5819D60A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B7111FA-9FD7-4952-AFE1-07D3E14854F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C7A080F-9C99-41A0-BC63-EBDDC0DF7B8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*\",\"matchCriteriaId\":\"0383C4C4-A7BB-418D-9A98-AC4233722961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA281A20-7599-446B-9587-118E920403D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*\",\"matchCriteriaId\":\"9514E8F5-1D0B-4CDF-BD03-087326F6C252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BC7D6C-2A10-4F78-9C41-EA97665C246E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA9BE427-78D7-4DEE-A174-F3E3675B44A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C10325C-8670-499B-B003-7D8634539C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F692BEB-5CB1-41EA-B715-64AB0036F6CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*\",\"matchCriteriaId\":\"427C4DF5-9039-4CB5-B600-5F965E20D945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B7A2A2-5764-4EDB-AA44-25F8508CF128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D94917-5360-4179-A017-1287C63A6E6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D378A23-113D-47AC-9CB5-2658C357FFB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*\",\"matchCriteriaId\":\"58FB119E-508C-45F7-8AD8-B67AAAEA53D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3359A5-D39B-4322-8963-B138D791D232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11E2FBD-7541-4CE3-8A78-52FB82571547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*\",\"matchCriteriaId\":\"3883F470-8D8D-4CB3-BF4A-0C401BDABC83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BDCF010-04BF-4FA5-9E14-F6461FED3FFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8CEA39-4A7F-4827-91FA-31119201D174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3768AC9-A245-4B81-8D1D-9D9C5354245C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CA65C9-C0FC-4CBD-A8B0-DD72604A46F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F06DECA-F45D-49DA-BB24-AA1F0306B0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FF2D31F-8719-41A6-ADD5-15BE9409428E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE56F5E5-73CF-4636-9F98-86BDDA3F6A47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1A0EFCE-4B74-4B4D-AB6E-5730F26B38FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02DCC86-C3F7-482C-9BFB-B7971FB10AEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*\",\"matchCriteriaId\":\"06835B0A-A2DF-44D3-A38F-59E5D5523FFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*\",\"matchCriteriaId\":\"B746D0CF-76F6-42A1-9056-CA9622DCD806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC33A7E-B1CB-4E83-B75C-71F5E7E5E406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_83:*:*:*:*:*:*\",\"matchCriteriaId\":\"325CFFCF-1609-4D89-B6A8-1C6ACBFDD35B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_84:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD019A57-FC7A-4B1F-9946-FA15C90FC985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_85:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B2CD3A-C39C-4F9A-8602-3EC75472181D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_86:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8DCD85-0E47-44C1-B7DD-E1B4756CEC17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_87:*:*:*:*:*:*\",\"matchCriteriaId\":\"1790D974-2EE0-4405-8F26-BB6DB3BDA23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_88:*:*:*:*:*:*\",\"matchCriteriaId\":\"416B3F04-AD86-4F91-890E-56BA539AAB06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_89:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12C0E4D-4E9A-4BD7-926E-74BCD42595B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_90:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A659FEF-1BC1-45E8-A01E-1F9A8F2AFAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_91:*:*:*:*:*:*\",\"matchCriteriaId\":\"3810319D-7DC4-47DD-B568-B0504DBC8209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_92:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9BFFFC0-912A-4F95-A08E-1D264135D1E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_93:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EA924E7-DEF2-45BF-B435-C435AC20AF4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_94:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6809C30-9A81-45E6-92E9-01D54880EFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_95:*:*:*:*:*:*\",\"matchCriteriaId\":\"C194ACCD-CB7E-4DFC-ABB5-7CCEFD83E11B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_96:*:*:*:*:*:*\",\"matchCriteriaId\":\"69856C3C-2ACB-4718-821C-793118094985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_97:*:*:*:*:*:*\",\"matchCriteriaId\":\"8693CC24-CEF6-4479-A3DA-8FD5C73E9548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_98:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A95A94-83C6-4DCC-8208-B76B53678B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_99:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1831C4F-7887-489E-91C1-3997114917DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"27DF695E-B890-42C2-8941-5BB53154755F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"072F6C59-3D86-48D1-A14E-477FFFA3B1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE68B4A2-3459-4DBA-8BAC-E9AA9FA25264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"680D7963-1393-4E86-A65F-D4463D532120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"D81E73DD-FD21-4082-A883-34422AE6C024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6DD0451-98EA-4140-8294-77A14F063E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE94E76B-8CC2-4E91-B7A3-EEBCC1358FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"408BD438-E15C-422F-9612-C62A7387FC63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*\",\"matchCriteriaId\":\"A78C8B1C-39CB-4C27-B57C-0AF5E7EB50D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB19E97-BACE-4FCC-A53F-078D61A7A9E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18ACD28-9182-435C-A30F-DF3BFE13C39A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE4CC72-C15A-40DE-AFF4-0B6B79BFB2BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"386F0E26-78DC-4D59-A20F-B41D0E59561B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*\",\"matchCriteriaId\":\"43C11288-1C48-47A0-95DF-A48F3C0285F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ECF3B18-D0DB-4FB6-9F6F-B63A6CE45081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*\",\"matchCriteriaId\":\"79AC7C0B-4135-4C24-8D37-A9431156E3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"7289F71D-ECEB-4FB9-A53F-D3F4D1315ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_24:*:*:*:*:*:*\",\"matchCriteriaId\":\"C18AE68F-6EF0-4132-A3D8-C2D77A842137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_25:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5F0729-7B44-4B9E-949F-6A66D8176E11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"54576481-2AE9-4133-9EFA-B7FBDCA4427D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E29CE810-76D5-4283-B102-70344B6C9506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA869467-C560-4130-A180-86819F6A8673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC0C94B7-31FB-4115-8EDE-62CC459B6663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DEAA71-53DA-4508-B7E6-924ABED49E66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"467323F6-5CA7-42A0-9810-C6FA694CEC93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"32EFFD8A-1C0D-446B-AAD7-5D23D483D3D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DCF7F39-A198-4F7E-84B7-90C88C1BAA96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E68DF8-749B-4284-A7C9-929701A86B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"340DF1FE-5720-4516-BA51-F2197A654409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E155DE-05C6-4559-94A8-0EFEB958D0C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"0635FB5F-9C90-49C7-A9EF-00C0396FCCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"77523B76-FC26-41B1-A804-7372E13F4FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"B15397B8-5087-4239-AE78-D3C37D59DE83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CECAA19-8B7F-44C8-8059-6D4F2105E196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CBCEEB-7C28-4769-813F-3F01E33D2E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0CB4927-A361-4DFA-BDB8-A454EA2894AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2B771B7-D5CB-4778-A3A8-1005E4EE134C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9DB383-3791-4A43-BA4D-7695B203E736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"13F02D77-20E9-4F32-9752-511EB71E6704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6353CC8F-A6D4-4A0C-8D68-290CD8DEB4F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"759DDB90-6A89-4E4F-BD04-F70EFA5343B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"21C55D41-DB66-494D-BEEB-BDAC7CB4B31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D86CDCC0-9655-477B-83FA-ADDBB5AF43A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF5B84B-1719-4581-8474-C55CEFFD8305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.1\",\"versionEndExcluding\":\"7.4.2\",\"matchCriteriaId\":\"48765E9D-CDEE-4648-A15F-404BDB51CABD\"}]}]}],\"references\":[{\"url\":\"http://liferay.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://liferay.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://liferay.com\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:10:58.317Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28978\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T18:52:15.479006Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T18:52:35.747Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://liferay.com\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-09-21T23:38:59.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://liferay.com\", \"name\": \"http://liferay.com\", \"refsource\": \"MISC\"}, {\"url\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"name\": \"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-28978\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-28978\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-27T18:52:38.796Z\", \"dateReserved\": \"2022-04-11T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-09-21T23:38:59.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.