Description The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. Remediation References CVE-2023-28335 Related Vulnerabilities Liferay version older than 7.0 Apache HTTP Server Improper Locking Vulnerability (CVE-2004-0174) Dolphin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3810) Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-28861) PostgreSQL Other Vulnerability (CVE-2012-1618) Severity High Classification CVE-2023-28335 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities