Description
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14878 Vulnerability (CVE-2020-14878)
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10127)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2044)
WordPress Plugin AMP Toolbox Cross-Site Scripting (1.9.4)
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)