The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.
2022-09-22T01:15:11.897
2025-05-27T18:15:29.030
Modified
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | dxp | 7.4 | Yes |
| Application | liferay | liferay_portal | ≤ 7.4.3.36 | Yes |