-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
-
Component/s: Page Flags widget, Security Vulnerability
-
CVE IDs:CVE-2021-33320
-
CVSS Base Score:5.0
-
CVSS Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
-
7.0 Fix Pack Version:96
-
7.1 Fix Pack Version:20
-
7.2 Fix Pack Version:5
The flags module in Liferay DXP 7.0, 7.1 and 7.2 does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails.