{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42116", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-13T14:39:12.020Z", "dateReserved": "2022-10-03T00:00:00.000Z", "datePublished": "2022-10-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://liferay.com"}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.784Z"}, "title": "CVE Program Container", "references": [{"url": "http://liferay.com", "tags": ["x_transferred"]}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T14:38:42.434125Z", "id": "CVE-2022-42116", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T14:39:12.020Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://liferay.com", "tags": ["x_transferred"]}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.784Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T14:38:42.434125Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T14:39:08.838Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://liferay.com"}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116"}], "descriptions": [{"lang": "en", "value": "A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42116", "state": "PUBLISHED", "dateUpdated": "2025-05-13T14:39:12.020Z", "dateReserved": "2022-10-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-10-18T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0B6536-11D4-48A1-8EC8-FCDFFFD07540", "versionEndExcluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*", "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*", "matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*", "matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*", "matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*", "matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*", "matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*", "matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_4:*:*:*:*:*:*", "matchCriteriaId": "F3A5ADE1-4743-4A78-9FCC-CEB857012A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_5:*:*:*:*:*:*", "matchCriteriaId": "2B420A18-5C8B-470F-9189-C84F8DAA74D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:ga1:*:*:*:*:*:*", "matchCriteriaId": "186D21EA-CD15-4F50-B129-6EF8DCB4FE50", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_1:*:*:*:*:*:*", "matchCriteriaId": "46AF397F-A95C-4FAD-A6EA-CB623B7A262A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:*", "matchCriteriaId": "3B8C3B3F-1BBB-47A5-A789-B207B6346FFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:*", "matchCriteriaId": "AD5D1171-954A-4E75-813D-E8392CFE4029", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:*", "matchCriteriaId": "F148098A-D867-4C8B-9632-6B7F24D50C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:*", "matchCriteriaId": "8A112ED2-27C2-45E3-8FA0-6043F7D3BEED", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:*", "matchCriteriaId": "0744AC04-9663-4DA1-9657-EC5BF0C68499", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_2:*:*:*:*:*:*", "matchCriteriaId": "C2C2351E-BDEE-4A79-A00C-6520B54996EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*", "matchCriteriaId": "25F5C3E9-CBB0-4114-91A4-41F0E666026A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_4:*:*:*:*:*:*", "matchCriteriaId": "5E2B5687-B311-460E-A562-D754AF271F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_5:*:*:*:*:*:*", "matchCriteriaId": "B49D0CB9-8ED7-46AB-9BA5-7235A2CD9117", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_6:*:*:*:*:*:*", "matchCriteriaId": "DF169364-096C-4294-B89F-C07AF1DCC9C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_7:*:*:*:*:*:*", "matchCriteriaId": "30CB2C54-1A20-4226-ACC6-AC8131899AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:*", "matchCriteriaId": "65693260-5B0F-47AA-BF08-D2979997A40A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:*", "matchCriteriaId": "C9116909-04C3-4040-B945-4A6225425520", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DC7AD5B-063F-4C30-A9D9-08C3F90185D9", "versionEndExcluding": "7.4.3.15", "versionStartIncluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-site scripting (XSS) en la integraci\u00f3n del m\u00f3dulo Frontend Editor con CKEditor en Liferay Portal versiones 7.3.2 hasta 7.4.3.14, y Liferay DXP versiones 7.3 anteriores a update 6, y versiones 7.4 anteriores a update 15, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del par\u00e1metro (1) name, o (2) namespace"}], "id": "CVE-2022-42116", "lastModified": "2025-05-13T15:15:50.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-10-18T21:15:16.373", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://liferay.com"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://liferay.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}