CVE-2021-29050
Severity: HIGH
Liferay Portal < 7.3.6 and DXP 7.2 < 7.2.10.fp11 - Cross-Site Request Forgery in Terms of Use Page
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and in Liferay DXP 7.3 before service pack 1 and 7.2 before fix pack 11, allows remote attackers to accept the site's terms of use via social engineering, by enticing the user to visit a malicious page.
Scores
CVSS v3: 8.8
EPSS: 0.0028
EPSS Percentile: 19.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-352
Status: published
Products (2)
com.liferay.portal/com.liferay.portal.impl: 0 - 5.25.0 (Maven)
com.liferay.portal/release.dxp.bom: 7.2.0 - 7.2.10.fp11 (Maven)
Published: Feb 20, 2024
Tracked Since: Feb 18, 2026