Liferay: >> Digital Experience Platform >> 7.4 Security Vulnerabilities
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-03-03
Page 19