Количество 2
Количество 2
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
GHSA-ghw5-998m-vw4w
Liferay Portal and Liferay DXP fails to check origin of event messages
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-25146 The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
| GHSA-ghw5-998m-vw4w Liferay Portal and Liferay DXP fails to check origin of event messages | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу