Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
History

Sun, 05 Jul 2026 12:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-09T00:18:02.597Z

Reserved: 2022-03-07T00:00:00.000Z

Link: CVE-2022-26596

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-25T16:16:09.067

Modified: 2026-06-17T04:35:31.627

Link: CVE-2022-26596

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.