Cross-Site Request Forgery (CSRF)

Liferay Portal is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...