CVE-2022-28977
published 2022-09-22CVE-2022-28977: HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | < 7.2 | 7.2 |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | dxp | — | — |
| liferay | dxp | — | — |
| liferay | dxp | 7.2.10-dxp-15 – 7.2.10-dxp-18 | — |
| liferay | dxp | 7.4.13 – 7.4.13.u8 | — |
| liferay | liferay_portal | < 7.4.3.13 | 7.4.3.13 |
| liferay | liferay_portal | >= 7.3.1 < 7.4.3.4 | 7.4.3.4 |
| liferay | portal | 7.2.0 – 7.4.3.12 | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ghsa6.1MEDIUM
osv6.1MEDIUM