Description
Open redirect vulnerability in page administration in Liferay Portal and Liferay DXP allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter.
Severity
Affected Version(s)
- Liferay Portal 7.4.0 through 7.4.3.97
- Liferay Portal 7.3.0 through 7.3.7
- Liferay DXP 2023.Q3.1 through 2023.Q3.4
- Liferay DXP 7.4
- Liferay DXP 7.3 GA through U35
- Older unsupported versions
Fixed Version(s)
- Liferay Portal 7.4.3.98
- Liferay DXP 2024.Q1.1
- Liferay DXP 2023.Q4.1
- Liferay DXP 2023.Q3.5
- Liferay DXP 7.3 U36
Acknowledgments
This issue was reported by Abderrahmane BOUNHIDJA
Publication date: Fri, 25 Oct 2024 19:04:00 +0000