CVE-2021-29050 Information

Description

Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6 and Liferay DXP 7.3 before service pack 1 7.2 before fix pack 11 allows remote attackers to accept the site’s terms of use via social engineering and enticing the user to visit a malicious page.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29050