CVE-2022-26597
CVE-2022-26597CVE-2022-26597
liferay / digital_experience_platform
Description
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
Scoring
| CVSS | 6.1 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Last modified | 2026-07-05 |