This issue does not affect Liferay 5.0. This issue was discovered by Simo Ahava. As XSS is a common vulnerability, there are many related XSS advisories published by Cisco, Microsoft, Mozilla, Google and many other vendors. All the related XSS advisories can be found at https://www.kb.cert.org/vuls/id/922.

Description of the SSL vulnerability

The most recent SSL vulnerability, CVE-2022-42112, was discovered by Simo Ahava. This issue does not affect Liferay 5.0 and does not affect any other versions of Liferay. This issue was addressed in Liferay 6.1.6 and can be mitigated in Liferay 6.2.9 and later releases by disabling support for TLS renegotiation in all contexts (see the Migration Guide if you are upgrading from an earlier release).

How to fix the issue?

The first thing to do is to find out whether your Liferay instance is vulnerable. If you have access to the server but not the application, you can use a tool like Fiddler or Burp Suite to confirm whether you are vulnerable.
If Liferay 5.0 is installed on the server and no other vulnerabilities are found, the issue must be addressed in one of the following ways:
Upgrade to Liferay 7.1 GA2 or later
Install Liferay 6.2 GA4 or later
Remove the affected modules from your server

CVE-2023-42112



Vulnerability Overview

A vulnerability has been discovered in the web-based user interface of Liferay Portal. It is a reflected cross-site scripting (XSS) vulnerability and can be exploited through Liferay Portal running on any operating system.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 17:33:00 UTC

References