CVE-2023-35029
Description
Open redirect vulnerability in the Layout modules SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.378
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-35029,CVE-2023-35030 are fixed in Liferay - release.portal.bom 7.4.3.77 | Windows |
| Vulnerabilities CVE-2023-35029,CVE-2023-35030 are affected in Liferay - release.dxp.bom 7.4.13 | Windows |
| Vulnerabilities CVE-2023-35029,CVE-2023-35030 are fixed in Liferay - release.portal.bom for Linux 7.4.3.77 | Linux |
| Vulnerabilities CVE-2023-35029,CVE-2023-35030 are affected in Liferay - release.dxp.bom for Linux 7.4.13 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234