Description

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Remediation

References

CVE-2021-33324

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25798)

MySQL CVE-2022-21358 Vulnerability (CVE-2022-21358)

WordPress Plugin Quiz Tool Lite Multiple Cross-Site Scripting Vulnerabilities (2.3.15)

WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6)

MySQL CVE-2021-35640 Vulnerability (CVE-2021-35640)

Severity

Medium

Classification

CVE-2021-33324 CWE-276

Tags

Missing Update Known Vulnerabilities