Description
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)
Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2969)
WordPress Plugin Sliding Social Icons Cross-Site Request Forgery (1.61)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Arbitrary File Upload (1.2.5)
Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-28651)