Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes

🗓️ 20 Feb 2024 12:31:00Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 3 Views

Liferay Portal and DXP vulnerability allows redirect circumvention via double forward slashes.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2024-25609
20 Feb 202411:26
circl
CNNVD		Liferay Portal and Liferay DXP Security Vulnerabilities
20 Feb 202400:00
cnnvd
CVE		CVE-2024-25609
20 Feb 202409:37
cve
Cvelist		CVE-2024-25609
20 Feb 202409:37
cvelist
EUVD		EUVD-2024-22932
3 Oct 202520:07
euvd
NCSC		Vulnerabilities fixed in Liferay Portal and DXP
22 Feb 202400:00
ncsc
NVD		CVE-2024-25609
20 Feb 202410:15
nvd
OSV		CVE-2024-25609
20 Feb 202410:15
osv
OSV		GHSA-3QQ5-WCRX-4H8R Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
20 Feb 202412:31
osv
Prion		Design/Logic Flaw
20 Feb 202410:15
prion
Rows per page
Vulners
Node
com.liferay.portalrelease.dxp.bomRange7.4.07.4.13.u9maven
OR
com.liferay.portalrelease.dxp.bomRange7.2.10.fp157.2.10.fp18maven
OR
com.liferay.portalrelease.portal.bomRange7.2.07.4.3.13-ga13maven
SourceLink
nvdwww.nvd.nist.gov/vuln/detail/CVE-2024-25609
liferaywww.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
githubwww.github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
githubwww.github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
githubwww.github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
githubwww.github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
githubwww.github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
githubwww.github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
githubwww.github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
githubwww.github.com/advisories/GHSA-3qq5-wcrx-4h8r
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Mar 2026 05:07Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.16.1
EPSS0.00261
SSVC
CWE-601
liferay portal security vulnerabilityhtmlutil.escaperedirect issueremote attacker exploit
3