CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-35029

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2023-35029

Liferay » Dxp » Version: 7.4

cpe:2.3:a:liferay:dxp:7.4
Liferay » Liferay Portal » Version: 7.4.3.70

cpe:2.3:a:liferay:liferay_portal:7.4.3.70
Liferay » Liferay Portal » Version: 7.4.3.71

cpe:2.3:a:liferay:liferay_portal:7.4.3.71
Liferay » Liferay Portal » Version: 7.4.3.72

cpe:2.3:a:liferay:liferay_portal:7.4.3.72
Liferay » Liferay Portal » Version: 7.4.3.73

cpe:2.3:a:liferay:liferay_portal:7.4.3.73
Liferay » Liferay Portal » Version: 7.4.3.74

cpe:2.3:a:liferay:liferay_portal:7.4.3.74
Liferay » Liferay Portal » Version: 7.4.3.75

cpe:2.3:a:liferay:liferay_portal:7.4.3.75
Liferay » Liferay Portal » Version: 7.4.3.76

cpe:2.3:a:liferay:liferay_portal:7.4.3.76

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-35029

Products

Pricing

Contact Us