Design/Logic Flaw

2022-09-2201:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirectparameter (2)FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.

CPENameOperatorVersion
dxpeq7.2 fixpack5
dxpeq7.0
dxpeq7.1
dxpeq7.2
dxpeq7.2 fixpack6
dxpeq7.2 fixpack7
dxpeq7.2 fixpack8
dxpeq7.2 fixpack9
dxpeq7.1 fixpack17
dxpeq7.1 fixpack18

Name	Operator	Version
dxp	eq	7.2 fixpack5
dxp	eq	7.0
dxp	eq	7.1
dxp	eq	7.2
dxp	eq	7.2 fixpack6
dxp	eq	7.2 fixpack7
dxp	eq	7.2 fixpack8
dxp	eq	7.2 fixpack9
dxp	eq	7.1 fixpack17
dxp	eq	7.1 fixpack18

Rows per page:

1-10 of 381

References

liferay.com

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash