CVE-2022-28977: Open Redirect in Digital Experience Platform

CWE-601 Open Redirect | 8 documents | 4 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.5% (top 33.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 22; Latest update Feb 20

Description

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via (1) the `redirect` parameter, (2) the `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (5 packages)

Source     Package                 Introduced   Fixed        More
NVD        liferay/liferay_portal  7.3.1        7.4.3.4      +1
CVEListV5  liferay/portal          7.2.0        7.4.3.12
CVEListV5  liferay/dxp             7.4.13       7.4.13.u8    +2
NVD        liferay/dxp             7.3

Patches

Vulnerability Details (6)
GHSA: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes (2024-02-20)
OSV: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes (2024-02-20)
CVEList: CVE-2024-25609: HtmlUtil (2024-02-20)
GHSA: Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented (2022-09-23)
OSV: Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented (2022-09-23)
CVE-2022-28977 — Open Redirect | cvebase