Description
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
Remediation
References
Related Vulnerabilities
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5351)
WordPress Plugin Advanced Ads-Ad Manager & AdSense Unspecified Vulnerability (1.7.1.1)
Caddy Web Server Authentication Bypass by Spoofing Vulnerability (CVE-2023-50463)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9547)
WordPress Plugin Top 10-Popular posts for WordPress Multiple Vulnerabilities (3.2.3)