Description
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fotobook Cross-Site Scripting (3.2.3)
ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498)
MySQL CVE-2015-0499 Vulnerability (CVE-2015-0499)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.21)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)