Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-25146
HistoryMar 02, 2022 - 11:28 p.m.

CVE-2022-25146

2022-03-0223:28:42
mitre
www.cve.org
8
liferay portal
remote app module
csrf token
exfiltration
crafted event message

EPSS

0.001

Percentile

31.1%

JSON

The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

Related

prion 1
veracode 1
osv 1
cnvd 1
nvd 1
cve 1
prion
prion
Cross site request forgery (csrf)
2022-03-03 00:15:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-03-04 00:01:17
osv
osv
BIT-liferay-2022-25146
2024-01-31 15:21:26
cnvd
cnvd
Liferay Portal Information Disclosure Vulnerability (CNVD-2022-19509)
2022-03-04 00:00:00
nvd
nvd
CVE-2022-25146
2022-03-03 00:15:08
cve
cve
CVE-2022-25146
2022-03-03 00:15:08

EPSS

0.001

Percentile

31.1%

JSON
Related for CVELIST:CVE-2022-25146
prion1veracode1osv1cnvd1nvd1cve1