Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-28977
HistorySep 22, 2022 - 12:02 a.m.

CVE-2022-28977

2022-09-2200:02:08
mitre
www.cve.org

0.001 Low

EPSS

Percentile

46.6%

JSON

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirectparameter (2)FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.

Related

nvd 2
cve 2
prion 2
cvelist 1
nvd
nvd
CVE-2022-28977
2022-09-22 01:15:10
CVE-2024-25609
2024-02-20 10:15:08
cve
cve
CVE-2022-28977
2022-09-22 01:15:10
CVE-2024-25609
2024-02-20 10:15:08
prion
prion
Design/Logic Flaw
2022-09-22 01:15:00
Design/Logic Flaw
2024-02-20 10:15:00
cvelist
cvelist
CVE-2024-25609
2024-02-20 09:37:55

0.001 Low

EPSS

Percentile

46.6%

JSON
Related for CVELIST:CVE-2022-28977
nvd2cve2prion2cvelist1