Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter...

Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module

Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...

PT-2023-23529

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.70 through 7.4.3.73 Liferay DXP 7.4 update 70 through 73 Description A cross-site scripting XSS issue exists in the Layout module's SEO configuration, allowing remote attackers to inject arbitrary web script or HT...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc.. A security vulnerability exists in Liferay Portal versio...