{"id":"CVE-2022-42115","details":"Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.","aliases":["GHSA-x43w-xphx-86w3"],"modified":"2026-07-15T01:48:53.309763691Z","published":"2022-10-18T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42115.json","unresolved_ranges":[{"extracted_events":[{"introduced":"7.4.3.4"},{"fixed":"7.4.3.36"}],"source":"DESCRIPTION"}],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42115"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42115.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42115"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liferay/liferay-portal","events":[{"introduced":"0"},{"fixed":"6f67c755b09761bc6b98ea21ec63218f7f803efe"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"7.4.3.4"},{"fixed":"7.4.3.37"}]}}],"versions":["7.4.3.7-ga7","7.4.3.6-ga6","7.4.3.5-ga5","7.4.3.4-ga4","7.4.2-ga3","7.4.1-ga2","7.4.0-ga1","7.3.5-ga6","7.3.4-ga5","test-fix-pack-base-7310","7.3.3-ga4","7.3.2-ga3","7.3.1-ga2","7.3.0-ga1","7.2.0-b3","7.2.0-b2","7.2.0-b1","7.2.0-a1","7.2.0-m2","7.1.0-b2","7.1.0-b1","7.1.0-a2","7.1.0-a1","7.1.0-m2","7.1.0-m1","sync-3.1.0-ga1","sync-3.0.10-ga2","sync-3.0.9-ga1","sync-3.0.8-b9","7.0.0-m5","sync-3.0.7-b8","sync-3.0.6-b7","sync-3.0.5-b6","sync-3.0.4-b5","sync-3.0.3-b4","sync-3.0.2-b3","sync-3.0.1-b2","sync-3.0.0-b1","7.0.0-m4","7.0.0-m3","7.0.0-m2","7.0.0-m1","6.2.0-b2","6.2.0-b1","6.2.0-m6","6.2.0-m5","6.2.0-m4","6.2.0-m3","6.2.0-m2","6.1.0-rc1","6.1.0-b4","6.1.0-b3","6.1.0-b2","6.1.0-b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42115.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}