CVE-2023-35029

Severity CVSS v4.0:
Pending analysis
Type:
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
15/06/2023
Last modified:
22/06/2023

Description

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:liferay:dxp:7.4:update_70:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_71:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_72:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_73:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_74:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_75:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_76:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* 7.4.3.70 (including) 7.4.3.77 (excluding)