Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2024-10-22T15:41:49.018Z
Reserved: 2023-06-12T01:29:57.067Z
Link: CVE-2023-35029

Updated: 2024-08-02T16:17:04.188Z

Status : Modified
Published: 2023-06-15T04:15:34.513
Modified: 2024-11-21T08:07:50.590
Link: CVE-2023-35029

No data.

No data.