Description
Liferay Portal 7.1.3, 7.2.1 and possibly earlier unsupported versions, contain an email injection vulnerability. When a user flags a piece of content as inappropriate, an email to the site administrator is generated. An attacker can inject content into this email and use it for a phishing attack.
Severity
Severity 2
Fixed Version(s)
- June 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page.
- June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 09 Jun 2020 02:00:00 +0000