FKIE_CVE-2022-28978
Vulnerability from fkie_nvd - Published: 2022-09-22 00:15 - Updated: 2025-05-27 19:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4614C87F-F39C-4ADD-A7A2-4A498612AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_100:*:*:*:*:*:*",
"matchCriteriaId": "8C9B7CF8-5553-47B6-BB57-0429D78AE301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_101:*:*:*:*:*:*",
"matchCriteriaId": "FF82A60A-EA50-4409-9A2B-284C35315DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "70E12054-0DEE-4B92-B8F6-7DC4B2461113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "3B566A51-3EFC-4A08-8A4F-A9AA43FBE481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*",
"matchCriteriaId": "F220793A-FDAC-48C6-B299-39EB3BC077A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*",
"matchCriteriaId": "F095A9E1-5FE1-46C4-B0E1-97F8767439D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*",
"matchCriteriaId": "DFD748DD-6FDB-44CD-96BF-026D18CE4207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*",
"matchCriteriaId": "0A34F2EA-D0F7-4C9B-BFE6-DA334DFD0EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*",
"matchCriteriaId": "4B3C2426-7617-4535-B86A-7F9BA45DFD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*",
"matchCriteriaId": "28955834-8E02-4558-ABD3-4958DBB41423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*",
"matchCriteriaId": "C4206C84-C4BD-4363-A4CA-EE229CE06319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*",
"matchCriteriaId": "4F644864-1056-4A0C-ADD7-A1992A0AC07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*",
"matchCriteriaId": "91E9BAE9-CD40-4353-95DB-7D9ADC338F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*",
"matchCriteriaId": "661E68A2-B365-4962-87CF-CE17A500889F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*",
"matchCriteriaId": "A5D28279-002A-4BC7-9396-E47FC842D7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*",
"matchCriteriaId": "C700ED72-4626-48A0-B1BB-E0A7C12D454F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*",
"matchCriteriaId": "8F473DF1-F70D-4EDB-A011-C8D1C6A21659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*",
"matchCriteriaId": "C2351EAC-F6AD-4611-B9BD-39C4DFE85B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*",
"matchCriteriaId": "357845C1-3834-465A-B9CA-F9C604AA8242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*",
"matchCriteriaId": "DD35964D-4156-45B8-A0AB-282DA9F4FA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*",
"matchCriteriaId": "35656567-EF24-4948-A72A-C754D6E419B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*",
"matchCriteriaId": "E9A3D95D-4539-432D-B241-376F312534AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*",
"matchCriteriaId": "81F329F1-5BB1-42A7-98CE-B0EB5819D60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*",
"matchCriteriaId": "5B7111FA-9FD7-4952-AFE1-07D3E14854F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*",
"matchCriteriaId": "2C7A080F-9C99-41A0-BC63-EBDDC0DF7B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*",
"matchCriteriaId": "0383C4C4-A7BB-418D-9A98-AC4233722961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*",
"matchCriteriaId": "AA281A20-7599-446B-9587-118E920403D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*",
"matchCriteriaId": "9514E8F5-1D0B-4CDF-BD03-087326F6C252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*",
"matchCriteriaId": "78BC7D6C-2A10-4F78-9C41-EA97665C246E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*",
"matchCriteriaId": "CA9BE427-78D7-4DEE-A174-F3E3675B44A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*",
"matchCriteriaId": "6C10325C-8670-499B-B003-7D8634539C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*",
"matchCriteriaId": "5F692BEB-5CB1-41EA-B715-64AB0036F6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*",
"matchCriteriaId": "427C4DF5-9039-4CB5-B600-5F965E20D945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*",
"matchCriteriaId": "44B7A2A2-5764-4EDB-AA44-25F8508CF128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*",
"matchCriteriaId": "55D94917-5360-4179-A017-1287C63A6E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*",
"matchCriteriaId": "1D378A23-113D-47AC-9CB5-2658C357FFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*",
"matchCriteriaId": "58FB119E-508C-45F7-8AD8-B67AAAEA53D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*",
"matchCriteriaId": "8B3359A5-D39B-4322-8963-B138D791D232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*",
"matchCriteriaId": "E11E2FBD-7541-4CE3-8A78-52FB82571547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*",
"matchCriteriaId": "3883F470-8D8D-4CB3-BF4A-0C401BDABC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*",
"matchCriteriaId": "1BDCF010-04BF-4FA5-9E14-F6461FED3FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*",
"matchCriteriaId": "7E8CEA39-4A7F-4827-91FA-31119201D174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*",
"matchCriteriaId": "D3768AC9-A245-4B81-8D1D-9D9C5354245C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*",
"matchCriteriaId": "71CA65C9-C0FC-4CBD-A8B0-DD72604A46F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*",
"matchCriteriaId": "9F06DECA-F45D-49DA-BB24-AA1F0306B0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*",
"matchCriteriaId": "6FF2D31F-8719-41A6-ADD5-15BE9409428E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*",
"matchCriteriaId": "DE56F5E5-73CF-4636-9F98-86BDDA3F6A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*",
"matchCriteriaId": "A1A0EFCE-4B74-4B4D-AB6E-5730F26B38FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*",
"matchCriteriaId": "F02DCC86-C3F7-482C-9BFB-B7971FB10AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*",
"matchCriteriaId": "06835B0A-A2DF-44D3-A38F-59E5D5523FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*",
"matchCriteriaId": "B746D0CF-76F6-42A1-9056-CA9622DCD806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*",
"matchCriteriaId": "FFC33A7E-B1CB-4E83-B75C-71F5E7E5E406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_83:*:*:*:*:*:*",
"matchCriteriaId": "325CFFCF-1609-4D89-B6A8-1C6ACBFDD35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_84:*:*:*:*:*:*",
"matchCriteriaId": "BD019A57-FC7A-4B1F-9946-FA15C90FC985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_85:*:*:*:*:*:*",
"matchCriteriaId": "A6B2CD3A-C39C-4F9A-8602-3EC75472181D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_86:*:*:*:*:*:*",
"matchCriteriaId": "1B8DCD85-0E47-44C1-B7DD-E1B4756CEC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_87:*:*:*:*:*:*",
"matchCriteriaId": "1790D974-2EE0-4405-8F26-BB6DB3BDA23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_88:*:*:*:*:*:*",
"matchCriteriaId": "416B3F04-AD86-4F91-890E-56BA539AAB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_89:*:*:*:*:*:*",
"matchCriteriaId": "C12C0E4D-4E9A-4BD7-926E-74BCD42595B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_90:*:*:*:*:*:*",
"matchCriteriaId": "9A659FEF-1BC1-45E8-A01E-1F9A8F2AFAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_91:*:*:*:*:*:*",
"matchCriteriaId": "3810319D-7DC4-47DD-B568-B0504DBC8209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_92:*:*:*:*:*:*",
"matchCriteriaId": "D9BFFFC0-912A-4F95-A08E-1D264135D1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_93:*:*:*:*:*:*",
"matchCriteriaId": "9EA924E7-DEF2-45BF-B435-C435AC20AF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_94:*:*:*:*:*:*",
"matchCriteriaId": "E6809C30-9A81-45E6-92E9-01D54880EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_95:*:*:*:*:*:*",
"matchCriteriaId": "C194ACCD-CB7E-4DFC-ABB5-7CCEFD83E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_96:*:*:*:*:*:*",
"matchCriteriaId": "69856C3C-2ACB-4718-821C-793118094985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_97:*:*:*:*:*:*",
"matchCriteriaId": "8693CC24-CEF6-4479-A3DA-8FD5C73E9548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_98:*:*:*:*:*:*",
"matchCriteriaId": "B1A95A94-83C6-4DCC-8208-B76B53678B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_99:*:*:*:*:*:*",
"matchCriteriaId": "A1831C4F-7887-489E-91C1-3997114917DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "27DF695E-B890-42C2-8941-5BB53154755F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "072F6C59-3D86-48D1-A14E-477FFFA3B1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "FE68B4A2-3459-4DBA-8BAC-E9AA9FA25264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "680D7963-1393-4E86-A65F-D4463D532120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "D81E73DD-FD21-4082-A883-34422AE6C024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "E6DD0451-98EA-4140-8294-77A14F063E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "CE94E76B-8CC2-4E91-B7A3-EEBCC1358FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*",
"matchCriteriaId": "408BD438-E15C-422F-9612-C62A7387FC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*",
"matchCriteriaId": "A78C8B1C-39CB-4C27-B57C-0AF5E7EB50D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*",
"matchCriteriaId": "0AB19E97-BACE-4FCC-A53F-078D61A7A9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*",
"matchCriteriaId": "D18ACD28-9182-435C-A30F-DF3BFE13C39A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*",
"matchCriteriaId": "CFE4CC72-C15A-40DE-AFF4-0B6B79BFB2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "386F0E26-78DC-4D59-A20F-B41D0E59561B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*",
"matchCriteriaId": "43C11288-1C48-47A0-95DF-A48F3C0285F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*",
"matchCriteriaId": "5ECF3B18-D0DB-4FB6-9F6F-B63A6CE45081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*",
"matchCriteriaId": "79AC7C0B-4135-4C24-8D37-A9431156E3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*",
"matchCriteriaId": "7289F71D-ECEB-4FB9-A53F-D3F4D1315ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_24:*:*:*:*:*:*",
"matchCriteriaId": "C18AE68F-6EF0-4132-A3D8-C2D77A842137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_25:*:*:*:*:*:*",
"matchCriteriaId": "4C5F0729-7B44-4B9E-949F-6A66D8176E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "54576481-2AE9-4133-9EFA-B7FBDCA4427D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "E29CE810-76D5-4283-B102-70344B6C9506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "DA869467-C560-4130-A180-86819F6A8673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "CC0C94B7-31FB-4115-8EDE-62CC459B6663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "07DEAA71-53DA-4508-B7E6-924ABED49E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "467323F6-5CA7-42A0-9810-C6FA694CEC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "32EFFD8A-1C0D-446B-AAD7-5D23D483D3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0DCF7F39-A198-4F7E-84B7-90C88C1BAA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "E7E68DF8-749B-4284-A7C9-929701A86B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "340DF1FE-5720-4516-BA51-F2197A654409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "97E155DE-05C6-4559-94A8-0EFEB958D0C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "0635FB5F-9C90-49C7-A9EF-00C0396FCCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "77523B76-FC26-41B1-A804-7372E13F4FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "B15397B8-5087-4239-AE78-D3C37D59DE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "7CECAA19-8B7F-44C8-8059-6D4F2105E196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "68CBCEEB-7C28-4769-813F-3F01E33D2E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "C0CB4927-A361-4DFA-BDB8-A454EA2894AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "B2B771B7-D5CB-4778-A3A8-1005E4EE134C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "3B9DB383-3791-4A43-BA4D-7695B203E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "13F02D77-20E9-4F32-9752-511EB71E6704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "6353CC8F-A6D4-4A0C-8D68-290CD8DEB4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "759DDB90-6A89-4E4F-BD04-F70EFA5343B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48765E9D-CDEE-4648-A15F-404BDB51CABD",
"versionEndExcluding": "7.4.2",
"versionStartIncluding": "7.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Site module\u0027s user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user\u0027s name."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) Almacenado en la p\u00e1gina de administraci\u00f3n de la membres\u00eda del usuario del m\u00f3dulo Site en Liferay Portal versiones 7.0.1 hasta 7.4.1, y Liferay DXP versi\u00f3n 7.0 versiones anteriores a fix pack 102, 7.1 anteriores a fix pack 26, 7.2 anteriores a fix pack 15, y 7.3 anteriores a service pack 3, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del nombre de un usuario"
}
],
"id": "CVE-2022-28978",
"lastModified": "2025-05-27T19:15:21.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-22T00:15:09.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://liferay.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://liferay.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…