mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-31 18:50:38 +00:00
783 B
783 B
CVE-2022-25146
Description
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
POC
Reference
No PoCs from references.