Description

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Remediation

References

CVE-2023-35029

Related Vulnerabilities

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0227)

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)

WordPress Plugin BackWPup Unspecified Vulnerability (3.4.3)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9640)

Severity

Medium

Classification

CVE-2023-35029 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities