Description
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self-referencing IFrame.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2009-1272)
Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)
PHP Out-of-bounds Read Vulnerability (CVE-2020-7064)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-26690)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.29)