CVE-2022-42118 Scanner - Cross-Site Scripting (XSS) vulnerability in Liferay Portal
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 15 hours
Scan only one: URL
Toolbox: -
Liferay Portal is a popular enterprise web platform used to build, manage, and deploy digital experiences. It is widely used by organizations for creating scalable websites, intranets, and business applications. Liferay offers flexibility in integration with other systems and is known for its powerful content management and collaboration features. This platform is utilized across various sectors, including education, finance, and government. Liferay Portal enables users to manage large-scale digital content with ease. It also supports both public and private websites, allowing administrators to have granular control over access permissions and content delivery.
This is a Cross-Site Scripting (XSS) vulnerability in Liferay Portal's Portal Search module. It allows remote attackers to inject arbitrary web script or HTML via the 'tag' parameter of a search query. XSS vulnerabilities let attackers inject malicious scripts into web pages viewed by other users. This one can be exploited without authentication, which lowers the bar for exploitation. The impact can be severe: attackers can steal session cookies or perform actions on behalf of other users. Successful exploitation could compromise the security of users who visit the affected web pages.
The vulnerability is present in Liferay Portal versions 7.1.0 through 7.4.2, as well as in Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3. Attackers exploit it by submitting a specially crafted search request with a malicious payload in the 'tag' parameter. The injection occurs when the search results page reflects this payload within the page's HTML or script content, causing the browser to execute the injected script. The request is an HTTP GET to the vulnerable portal search endpoint, with the payload carried in the request itself.
If exploited, this vulnerability could allow attackers to execute malicious scripts in the context of another user's session. This could lead to the theft of sensitive data, such as session cookies or login credentials. Attackers may also perform actions on behalf of the user without their consent, such as modifying content or gaining unauthorized access. In the worst case, the attacker could hijack the user session, leading to a complete compromise of the user account. This would put both individual users and the organization at significant risk, as sensitive data could be exposed or manipulated.
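For asset owners reviewing web server logs, the following added example (not part of the original page and not the scanner's own code) flags GET requests whose 'tag' parameter decodes to markup. The `/search` path, the `_p_tag` parameter name, the "_tag" suffix rule and the log lines are constructed assumptions, not values taken from Liferay or from this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request field of a combined-format access log: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a search tag has no need for but HTML/script injection does.
# Quotes can appear in legitimate tags; tune this set to your own content.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), with a bound."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_tag_values(log_line):
    """Return decoded 'tag' values of a GET request that contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match or match.group("method") != "GET":
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        name = name.lower()
        # Assumption: the parameter may carry a namespace prefix,
        # so accept "tag" itself or any name ending in "_tag".
        if name == "tag" or name.endswith("_tag"):
            decoded = fully_decode(value)  # parse_qsl decoded one layer
            if MARKUP_RE.search(decoded):
                hits.append(decoded)
    return hits


# Constructed sample log lines (documentation IP range, placeholder path).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /search?q=news&tag=press HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2023:10:00:03 +0000] "GET /search?q=news&tag=%3Cb%3Ex HTTP/1.1" 200 5171',
    '203.0.113.9 - - [01/Jan/2023:10:00:07 +0000] "GET /search?_p_tag=%253Cb%253Ex HTTP/1.1" 200 5098',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_tag_values(line), "<-", line.split('"')[1])
```

A hit means the request carried markup in the parameter, not that the portal reflected it unencoded; confirm the installed version against the affected ranges listed above.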