{"vulnerability": "CVE-2022-4211", "sightings": [{"uuid": "f3c4804d-30d1-49d3-9430-154d701b11cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42118", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-42118.yaml", "content": "", "creation_timestamp": "2025-05-03T16:34:09.000000Z"}, {"uuid": "d8e3c086-52d2-4083-94e9-2e931cb67ecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42118", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lohbckkmji2n", "content": "", "creation_timestamp": "2025-05-05T21:02:24.311998Z"}, {"uuid": "082cda3b-ef86-46c3-b2c8-cf7a1e9f6677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42110", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14136", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42110\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T18:52:45.696Z\n\ud83d\udd17 References:\n1. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110\n2. https://issues.liferay.com/browse/LPE-17403", "creation_timestamp": "2025-04-30T19:13:52.000000Z"}, {"uuid": "7c7cdac9-b9be-42ba-a84f-ea9bc0e9d540", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15976", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42117\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.\n\ud83d\udccf Published: 2022-10-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T17:58:44.842Z\n\ud83d\udd17 References:\n1. http://liferay.com\n2. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117", "creation_timestamp": "2025-05-12T18:29:18.000000Z"}, {"uuid": "d9d52f45-395d-4ca2-9c1e-762537b4a9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16006", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42117\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.\n\ud83d\udccf Published: 2022-10-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T17:58:44.842Z\n\ud83d\udd17 References:\n1. http://liferay.com\n2. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117", "creation_timestamp": "2025-05-12T18:37:57.000000Z"}, {"uuid": "5bb949d9-69be-4273-94b9-fad3aa73a574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15990", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42117\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.\n\ud83d\udccf Published: 2022-10-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T17:58:44.842Z\n\ud83d\udd17 References:\n1. http://liferay.com\n2. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117", "creation_timestamp": "2025-05-12T18:31:37.000000Z"}, {"uuid": "f059a816-300f-4908-8b05-9a3b2a2d03dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42112", "type": "seen", "source": "https://t.me/cibsecurity/51723", "content": "\u203c CVE-2022-42112 \u203c\n\nA Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:37.000000Z"}, {"uuid": "94bb7248-efd4-46bf-b865-7efe820823e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42114", "type": "seen", "source": "https://t.me/cibsecurity/51727", "content": "\u203c CVE-2022-42114 \u203c\n\nA Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:41.000000Z"}, {"uuid": "944c9655-2644-4b1d-b15a-ce7899fb20dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42119", "type": "seen", "source": "https://t.me/cibsecurity/52971", "content": "\u203c CVE-2022-42119 \u203c\n\nCertain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:51:38.000000Z"}]}