Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-06-15T04:06:36.864Z
Updated: 2024-08-02T16:17:04.236Z
Reserved: 2023-06-12T01:29:57.068Z
Link: CVE-2023-35030
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-06-15T05:15:09.857
Modified: 2023-06-22T16:52:17.993
Link: CVE-2023-35030
Redhat
No data.