CVE-2023-35029
- Source
- https://cve.org/CVERecord?id=CVE-2023-35029
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35029.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-35029
- Aliases
- Published
- 2023-06-15T04:15:34.513Z
- Modified
- 2026-03-14T12:09:06.080455Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the
_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLparameter. - References
Affected packages
Git / github.com/liferay/liferay-portal
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_70"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_71"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_72"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_73"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_74"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_75"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update_76"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35029.json"