Description
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3, can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via (1) the `redirect` parameter, (2) the `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.
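As an added illustration (not Liferay's code, and written in Python rather than the Java HtmlUtil.escapeRedirect the advisory concerns), the block below contrasts a naive "does the URL parser see a host?" check, which a target with extra leading slashes slips past because the parser and the browser disagree about where the authority ends, with a hardened same-site check. The backslash and control-character cases go beyond what the advisory states; the sample targets and host names are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample values (not from the advisory) of the kind a user-supplied
# `redirect` or `FORWARD_URL` parameter might carry.
SAMPLE_TARGETS = [
    "/web/guest/home",          # ordinary same-site path
    "//evil.example/",          # protocol-relative URL
    "///evil.example/",         # extra slash: browsers still resolve it to //evil.example/
    "/\\evil.example/",         # backslash: browsers treat it as a forward slash
    "https://evil.example/",    # absolute external URL
]


def naive_is_local(target: str) -> bool:
    """Hypothetical re-creation of the bug class, not Liferay's implementation.

    urlsplit('///evil.example/') returns an empty netloc and path '/evil.example/',
    so this check calls the target local, while a browser resolving the same string
    against the site's origin lands on https://evil.example/.
    """
    return urlsplit(target).netloc == ""


def is_safe_local_redirect(target: str) -> bool:
    """Accept only a single-slash-rooted path on the current site."""
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False                      # whitespace / control characters
    if "\\" in target:
        return False                      # browsers normalise '\' to '/'
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False                      # explicit scheme or authority present
    # Exactly one leading slash: any second slash makes the value
    # protocol-relative in a browser no matter how many slashes follow.
    return target.startswith("/") and not target.startswith("//")


def classify(targets):
    """Return {target: (naive_verdict, hardened_verdict)} for each target."""
    return {t: (naive_is_local(t), is_safe_local_redirect(t)) for t in targets}


if __name__ == "__main__":
    for t, (naive, hardened) in classify(SAMPLE_TARGETS).items():
        print(f"{t!r:28} naive={naive!s:5} hardened={hardened}")
```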
Remediation
References