Lucene search
PRIOn knowledge basePRION:CVE-2023-35030HistoryJun 15, 2023 - 5:15 a.m.
Cross site request forgery (csrf)
2023-06-1505:15:00
PRIOn knowledge base
www.prio-n.com
3
vulnerability
liferay portal
remote execution
csrf
scripting console
Cross-site request forgery (CSRF) vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.4 update-71 | |
| dxp | eq | 7.4 update-72 | |
| dxp | eq | 7.4 update-73 | |
| dxp | eq | 7.4 update-74 | |
| dxp | eq | 7.4 update-75 | |
| dxp | eq | 7.4 update-76 | |
| dxp | eq | 7.4 update-70 | |
| liferay_portal | ge | 7.4.3.70 | |
| liferay_portal | lt | 7.4.3.77 |
Related
osv
osv
CVE-2023-35030
2023-06-15 05:15:09
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-06-29 04:55:20
cvelist
cvelist
CVE-2023-35030
2023-06-15 04:06:36
nvd
nvd
CVE-2023-35030
2023-06-15 05:15:09
cve
cve
CVE-2023-35030
2023-06-15 05:15:09
nessus
nessus
Liferay Portal CE 7.4.3.70 < x < 7.4.3.77 Multiple vulnerabilities
2023-06-22 00:00:00
Liferay DXP 7.4.13.70 < x < 7.4.13.77 Multiple vulnerabilities
2023-06-29 00:00:00