2 matches found
CVE-2021-29050
CVE-2021-29050 describes a Cross-Site Request Forgery (CSRF) in the terms of use page of Liferay Portal prior to 7.3.6 and Liferay DXP 7.3 before SP1, and 7.2 before FP-11.** The underlying issue** is insufficient validation on the terms-of-use acceptance flow, enabling remote attackers to trick ...
CVE-2021-29050
Cross-Site Request Forgery CSRF vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page...