Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal Origin Validation Error Vulnerability - CVE-2022-25146 - Vulnerability Database
Liferay Portal

Liferay Portal Origin Validation Error Vulnerability - CVE-2022-25146

Medium
Reference: CVE-2022-25146
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-25146
Title: Liferay Portal Origin Validation Error Vulnerability
Overview:

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App allowing attackers to exfiltrate the CSRF token via a crafted event message.