LiveActive security incident?Get immediate response
CVE archive

2022 CVE Archive

Browse CVE records published in 2022 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 26421 matching CVEs · Page 2 of 529.

Medium · CVSS 5.9

CVE-2022-42132: The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102...

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.

Published Nov 15, 2022 · Updated Jul 9, 2026

High · CVSS 7.5

CVE-2022-42124: ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Li...

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

Published Nov 15, 2022 · Updated Jul 9, 2026

High · CVSS 8.8

CVE-2022-42121: A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP...

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.

Published Nov 15, 2022 · Updated Jul 9, 2026

Medium · CVSS 6.1

CVE-2022-42116: A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Lif...

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

Published Oct 18, 2022 · Updated Jul 9, 2026