-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 7.0 DE (7.0.10), 7.2 DXP (7.2.10)
-
Component/s: Security Vulnerability, User Management
-
CVSS Base Score:5.3
-
CVSS Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
-
7.0 Fix Pack Version:97
-
7.2 Fix Pack Version:9
In Liferay DXP 7.2, DXP 7.1 and DXP 7.0, notification emails may be vulnerable to XSS attacks and content spoofing depending on the security mechanism provided by the receiver's mail client and the design of the notification template.
Affected Version(s)
Vulnerable | Not vulnerable | Unknown |
---|---|---|
6.2.10 + portal-172 | ||
7.0.10 + de-84 | ||
7.1.10 + dxp-12 | ||
7.2.0 | ||
7.2.10 |