6.1

CVE-2023-35029

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LiferayDxp Version7.4 Updateupdate_70
LiferayDxp Version7.4 Updateupdate_71
LiferayDxp Version7.4 Updateupdate_72
LiferayDxp Version7.4 Updateupdate_73
LiferayDxp Version7.4 Updateupdate_74
LiferayDxp Version7.4 Updateupdate_75
LiferayDxp Version7.4 Updateupdate_76
LiferayLiferay Portal Version >= 7.4.3.70 < 7.4.3.77
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.458
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security@liferay.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.