CVE-2022-25146
The CVE-2022-25146 affects Liferay Portal: v7.4.3.4–v7.4.3.8 and Liferay DXP 7.4 before update 5, in the Remote App module. Root cause: the origin of event messages is not validated against the Remote App origin, allowing CSRF token exfiltration via a crafted event message. Impact: partial confid...