Description

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

Remediation

References

CVE-2021-33323

Related Vulnerabilities

WordPress Plugin WP Symposium Cross-Site Scripting (11.11.26)

XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31988)

MediaWiki Improper Input Validation Vulnerability (CVE-2017-0366)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0502)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10545)

Severity

High

Classification

CVE-2021-33323 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities