QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-28979

Back to search

CVE-2022-28979

Published: Sep 21, 2022

Modified: May 27, 2025

PUBLISHED

Description

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.

VendorProductVersions

n/a

n/a

affected
n/a

References

http://liferay.com
x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now