LSV-855: Stored XSS with ERC in Commerce catalog

Affects versions

Fix versions

7.0 Fix Pack Version: None

7.1 Fix Pack Version: None

7.2 Fix Pack Version: None

7.3 Fix Pack Version: 8

7.4 Fix Pack Version: None

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

Cross-site scripting (XSS) vulnerability in the Commerce module's edit catalog page in Liferay DXP 7.3 before update 8 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_externalReferenceCode parameter.

Fixed

Details

Assignee

Reporter

Priority

Zendesk Support

Created September 22, 2022 at 3:29 AM
Updated October 18, 2022 at 7:07 PM
Resolved October 18, 2022 at 7:07 PM