EUVD-2025-25628

Malicious code in bioql PyPI...

Open Redirect

com.liferay, com.liferay.info.impl is vulnerable to Open Redirect. The vulnerability is due to improper validation of the /c/portal/editinfoitem redirect parameter, which allows an attacker to redirect users to a malicious site...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via EditInfoItemStrutsAction accessible through c/portal/editinfoitem. An attacker can redirect users to arbitrary external sites by crafting a malicious URL. Remediation Upgrade com.liferay:com.liferay.info.impl to versio...

Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect

Open Redirect vulnerability in /c/portal/editinfoitem parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this...

CVE-2025-43767

Open Redirect vulnerability in /c/portal/editinfoitem parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this...

CVE-2025-43767

Open Redirect vulnerability in /c/portal/editinfoitem parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this...

CVE-2025-43767

Open Redirect (CVE-2025-43767) affects Liferay Portal/Liferay DXP via /c/portal/edit_info_item redirect parameter. Vulnerable versions include Liferay Portal 7.4.3.86–7.4.3.131 and Liferay DXP 2024.Q1.1–Q4.9, 2024.Q2.0–Q2.13, 2024.Q3.1–Q3.9, plus 7.4 update 86–92. The root cause is improper valid...