CVE-2023-35030
Description
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.344
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-35029, CVE-2023-35030 are fixed in Liferay - release.portal.bom 7.4.3.77 | Windows |
| Vulnerabilities CVE-2023-35029, CVE-2023-35030 are affected in Liferay - release.dxp.bom 7.4.13 | Windows |
| Vulnerabilities CVE-2023-35029, CVE-2023-35030 are fixed in Liferay - release.portal.bom for Linux 7.4.3.77 | Linux |
| Vulnerabilities CVE-2023-35029, CVE-2023-35030 are affected in Liferay - release.dxp.bom for Linux 7.4.13 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234