Description
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)
Grafana Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-21703)
WordPress Plugin WordPress Download Manager Security Bypass (2.7.2)
WordPress Plugin Event Tickets CSV Injection (4.10.7.1)
WordPress Plugin Search and Share Cross-Site Scripting (0.9.3)