CVE-2021-33338
The CVE affects Liferay Portal/Liferay DXP: Layout module in 7.1.0–7.3.2 and DXP 7.1 before fix pack 19, 7.2 before fix pack 6. The flaw exposes the CSRF token in URLs via the p_auth parameter, enabling MITM to obtain the token and perform CSRF attacks. No exploitation details are provided in the...