Description

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

Remediation

References

CVE-2021-33323

Related Vulnerabilities

Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.8.7)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20416)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)

WordPress Plugin Asgaros Forum Multiple Vulnerabilities (1.15.14)

WordPress Plugin Live Product Editor for WooCommerce Security Bypass (4.6.2)

Severity

High

Classification

CVE-2021-33323 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities