Description
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ticket Manager Cross-Site Scripting (1)
WordPress Plugin EmbedStories-Display social media stories Cross-Site Scripting (0.7.4)
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
Joomla Improper Input Validation Vulnerability (CVE-2006-4466)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)