[LPE-17095] LSV-557: Possible XSS & content spoofing in notifications emails - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.2.X EE
Component/s: Security Vulnerability, User Management
Labels:

CVSS Base Score:
5.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.0 Fix Pack Version:
97
7.2 Fix Pack Version:
9

Description

In Liferay DXP 7.2, DXP 7.1 and DXP 7.0, notification emails may be vulnerable to XSS attacks and content spoofing depending on the security mechanism provided by the receiver's mail client and the design of the notification template.

Affected Version(s)

Vulnerable	Not vulnerable	Unknown
6.2.10 + portal-172
7.0.10 + de-84
7.1.10 + dxp-12
7.2.0
7.2.10

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Sep/20 11:23 AM

Updated:: 11/Feb/21 7:56 AM

Resolved:: 11/Dec/20 1:57 AM

Packages

Version	Package
7.0.X EE
7.2.X EE