Description
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bug Library Cross-Site Scripting (2.0.3)
WordPress Plugin Vertical SlideShow Arbitrary File Upload (2.3)
Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)
Python Improper Input Validation Vulnerability (CVE-2021-29921)
WordPress Plugin iPages Flipbook For WordPress Cross-Site Scripting (1.4.2)