Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-25608Open Redirect in Digital Experience Platform

CWE-601Open Redirect6 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
11.0%
top 6.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Liferay Digital Experience PlatformLiferay PortalLiferay DXP+1 more
Timeline
PublishedFeb 20

Description

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDliferay/liferay_portal< 7.4.3.19
CVEListV5liferay/portal7.2.07.4.3.18
CVEListV5liferay/dxp7.4.137.4.13.u18+2

🔴Vulnerability Details

4
OSV
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character2024-02-20
GHSA
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character2024-02-20
CVEList
CVE-2024-25608: HtmlUtil2024-02-20
VulnCheck
liferay digital_experience_platform URL Redirection to Untrusted Site ('Open Redirect')2024

💥Exploits & PoCs

1
Nuclei
Liferay Portal - Open Redirect
CVE-2024-25608 — Open Redirect | cvebase