CVE-2021-29050
Description
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the sites terms of use via social engineering and enticing the user to visit a malicious page.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.592
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-29050 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Vulnerabilities CVE-2021-29050 are fixed in Liferay - com.liferay.portal.impl 5.25.0 | Windows |
| Vulnerabilities CVE-2021-29050 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Vulnerabilities CVE-2021-29050 are fixed in Liferay - com.liferay.portal.impl for Linux 5.25.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234