Description
Liferay Portal 7.x before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 do not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.
Remediation
References
Related Vulnerabilities
WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)
WordPress Plugin MDC Private Message Cross-Site Scripting (1.0.0)
Nginx Use After Free Vulnerability (CVE-2022-31307)
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7)
WordPress Plugin Site Analytics Multiple Vulnerabilities (1.4.3)