CVE-2022-42113: Cross-site scripting (XSS) in the Liferay Portal / Liferay DXP Document Library module
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
AI Analysis
Technical Summary
CVE-2022-42113 is a reflected cross-site scripting (XSS) vulnerability in the Document Library module of Liferay Portal 7.4.3.30 through 7.4.3.36 and Liferay DXP 7.4 update 30 through update 36. The module accepts a `redirect` parameter (the URL the user is sent back to after an action) and reflects it into the response without adequately validating it or encoding it for the HTML context in which it lands, so a crafted value can break out of the intended markup and inject arbitrary HTML or script. This is CWE-79, improper neutralization of input during web page generation.

Exploitation follows the usual reflected-XSS pattern: the attacker builds a link to the portal carrying a malicious `redirect` value, delivers it to a victim by phishing, chat or an embedded link, and the payload executes in the victim's browser within the portal's origin when the link is opened. Script running in that origin can read page content the user can see, issue authenticated requests on the user's behalf, and read any cookies not marked HttpOnly; it can also rewrite the page to capture credentials or send the user on to an attacker-controlled site from what looks like a trusted domain.

The CVSS v3.1 base score is 6.1 (Medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N: reachable over the network, low attack complexity, no privileges required, but user interaction is needed (the victim must open the crafted link). Scope is Changed, the standard scoring for XSS, because the vulnerable component is the server-side application while the impact is realized in the user's browser. Confidentiality and integrity impact are rated Low; availability is unaffected.

At the time of this analysis no exploitation in the wild had been reported, but the issue is publicly disclosed and reflected XSS in a widely deployed portal is a low-effort target. The source data carries no patch or advisory links, so the fixed release must be confirmed against Liferay's own security advisories rather than inferred from the affected version range.
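To make the flaw and the fix concrete, here is an added example that is not Liferay's code and does not come from this page: a minimal rendering of a `redirect` parameter back into an HTML link, first the way a vulnerable template does it, then with allow-list validation plus attribute-context encoding. The template shape, the function names and the default target are assumptions for illustration; the real Liferay parameter is portlet-namespaced and the page does not show the affected template.

```python
"""Reflected XSS through a `redirect` parameter: vulnerable vs hardened rendering.

Added example for illustration; this is not Liferay code, and the template
shape, function names and default target are assumptions.
"""
import html
from urllib.parse import unquote, urlsplit


def render_vulnerable(redirect: str) -> str:
    """Echoes the parameter into markup with no validation and no encoding.

    A value such as  "><script>alert(1)</script>  closes the href attribute
    and the anchor, and the script that follows runs in the portal's origin.
    """
    return f'<a href="{redirect}">Back</a>'


def is_safe_redirect(redirect: str, allowed_hosts=frozenset()) -> bool:
    """Allow-list check: a site-relative path, or an absolute http(s) URL to an approved host."""
    # Decode once so %2F%2Fevil.example is seen as the protocol-relative URL it is.
    candidate = unquote(redirect).strip()
    if not candidate:
        return False
    # Browsers strip tab/newline inside a scheme, so "java\tscript:" would
    # otherwise get past a naive prefix check. Reject control characters outright.
    if any(ord(ch) < 0x20 for ch in candidate):
        return False
    parts = urlsplit(candidate)
    if parts.scheme:
        # Anything with a scheme must be http(s) to an explicitly approved host.
        # javascript:, data:, vbscript: and unapproved hosts all fail here;
        # .hostname drops userinfo and port, so "portal@evil" resolves to evil.
        return parts.scheme.lower() in ("http", "https") and (parts.hostname or "") in allowed_hosts
    # No scheme: accept only a site-relative path. "//host" (protocol-relative)
    # and "/\host" (browser-tolerant variant) would leave the site.
    return candidate.startswith("/") and not candidate.startswith(("//", "/\\"))


def render_hardened(redirect: str, default: str = "/", allowed_hosts=frozenset()) -> str:
    """Validate against the allow-list, fall back to a safe default, then encode for the attribute context."""
    target = redirect if is_safe_redirect(redirect, allowed_hosts) else default
    # Encoding is still required: '/docs"><img src=x>' passes the path check
    # but must not be able to close the attribute. Validation and encoding
    # address different failure modes; use both.
    return f'<a href="{html.escape(target, quote=True)}">Back</a>'
```

The validator decodes the value exactly once; if a framework in front of it decodes again, the check must run on the value the template actually emits, otherwise double-encoded payloads slip through.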
Potential Impact
For European organizations using Liferay Portal or Liferay DXP within the affected versions, this vulnerability poses a risk of client-side attacks that can compromise user sessions and data confidentiality. Since Liferay is widely used for enterprise content management, intranet portals, and customer-facing web applications, exploitation could lead to unauthorized access to sensitive information, session hijacking, or phishing attacks leveraging the trusted domain. The impact is particularly significant for organizations handling personal data under GDPR, as successful exploitation could result in data breaches and regulatory penalties. Additionally, the vulnerability could undermine user trust and damage organizational reputation. The requirement for user interaction means social engineering or phishing campaigns may be used to exploit this vulnerability. However, the lack of known active exploits reduces immediate risk, though the public disclosure increases the likelihood of future attacks. Organizations with public-facing Liferay portals are at higher risk compared to internal-only deployments.
Mitigation Recommendations
1. Confirm the fixed Liferay Portal / DXP 7.4 release for CVE-2022-42113 in Liferay's security advisories and upgrade; this is the only complete fix. Treat everything below as a compensating control.
2. Until patched, add WAF or reverse-proxy rules for requests that carry a `redirect` parameter to the Document Library portlet. Percent-decode the value before matching (including double encoding) and block values containing markup characters (<, >, ", '), script-bearing schemes (javascript:, data:, vbscript:) or inline event handlers. Expect bypasses: a WAF buys time, it does not remove the flaw.
3. At the application layer, validate `redirect` against an allow-list: accept only site-relative paths or absolute URLs on explicitly approved hosts, reject protocol-relative (//host) and scheme-bearing values, and fall back to a safe default. Then encode the value for the context in which it is emitted (HTML attribute, JavaScript string, URL); validation alone does not prevent attribute breakout.
4. Monitor web-server and application logs for `redirect` values that decode to markup, script schemes or off-site targets. A burst of such requests from one source is scanning or exploitation; a hit that returned 200 against an unpatched release warrants incident handling.
5. Deploy a Content Security Policy that disallows inline script (nonce- or hash-based script-src, without 'unsafe-inline'). Where the portal's own pages rely on inline script this needs testing, but even a partial policy limits what a reflected payload can do.
6. Ensure session cookies are marked HttpOnly and Secure so a successful injection cannot read them directly; it can still act on the user's behalf while the page is open, which is why this is a reduction, not a fix.
7. Educate users that links into the portal can carry malicious parameters; a trusted domain does not make a link safe.
8. Include reflected XSS and open-redirect checks for `redirect`-style parameters in routine testing of the portal.
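As an added example of the log-monitoring control above (constructed for this page, not a Liferay tool), the following scans Apache-style access log lines for `redirect` values that, once percent-decoded including double encoding, contain markup, a script-bearing scheme, an inline event handler, control characters or a protocol-relative target. The log lines and the `/documents` request path are constructed sample data; on a real Liferay portlet the parameter is namespaced, so the parameter name passed to scan_log would need adjusting.

```python
"""Flag suspicious `redirect` values in web-server access logs.

Added example; not part of the page and not a Liferay tool. The log format
(Apache combined) and all sample lines are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample traffic (not real logs). Lines 2-4 show what probing for
# this class of bug looks like; lines 1 and 5 are ordinary navigation.
SAMPLE_LOG = r'''
203.0.113.5 - - [10/Oct/2022:12:00:01 +0000] "GET /documents?redirect=%2Fgroup%2Fguest%2Fdocuments HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2022:12:00:02 +0000] "GET /documents?redirect=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5233 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2022:12:00:03 +0000] "GET /documents?redirect=javascript%3Aalert(1) HTTP/1.1" 200 5201 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2022:12:00:04 +0000] "GET /documents?redirect=%252F%252Fevil.example HTTP/1.1" 200 5190 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2022:12:00:05 +0000] "GET /documents?redirect=%2Fweb%2Fguest%2Fhome&foo=1 HTTP/1.1" 200 4811 "-" "Mozilla/5.0"
'''

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Indicators that do not occur in a legitimate redirect target.
SUSPICIOUS = (
    ("markup-breakout", re.compile(r'[<>"\']')),
    ("script-scheme", re.compile(r'^\s*(javascript|data|vbscript)\s*:', re.I)),
    ("protocol-relative", re.compile(r'^\s*[/\\]{2}')),
    ("event-handler", re.compile(r'\bon[a-z]+\s*=', re.I)),
    ("control-char", re.compile(r'[\x00-\x1f]')),
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded payloads are inspected in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str, param: str = "redirect") -> list:
    """Return one finding per suspicious `param` value: source IP, time, status, value, indicators."""
    findings = []
    for line in text.strip().splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        # parse_qs already decodes one layer; decode_fully handles any further layers.
        for raw in parse_qs(query, keep_blank_values=True).get(param, []):
            value = decode_fully(raw)
            hits = [name for name, rx in SUSPICIOUS if rx.search(value)]
            if hits:
                findings.append({
                    "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                    "value": value, "indicators": hits,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f'{f["ts"]} {f["ip"]} status={f["status"]} {",".join(f["indicators"])}: {f["value"]!r}')
```

Run against the sample it reports three requests from 203.0.113.9, all served with 200, and nothing for the two benign navigations. In production, feed it the real access log and group by source IP; the status column tells you whether the request reached the vulnerable page rather than being blocked upstream.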
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-03T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd72a6
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/4/2025, 11:25:01 PM
Last updated: 7/30/2025, 9:17:06 PM
Related Threats
- CVE-2025-52621: CWE-346 Origin Validation Error in HCL Software BigFix SaaS Remediate (Medium)
- CVE-2025-52620: CWE-20 Improper Input Validation in HCL Software BigFix SaaS Remediate (Medium)
- CVE-2025-52619: CWE-209 Generation of Error Message Containing Sensitive Information in HCL Software BigFix SaaS Remediate (Medium)
- CVE-2025-52618: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in HCL Software BigFix SaaS Remediate (Medium)
- CVE-2025-43201: An app may be able to unexpectedly leak a user's credentials in Apple Apple Music Classical for Android (High)