GHSA-3mrr-cw9q-727m

Source

https://github.com/advisories/GHSA-3mrr-cw9q-727m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-3mrr-cw9q-727m/GHSA-3mrr-cw9q-727m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3mrr-cw9q-727m

Aliases

CVE-2023-44308

Published

2024-02-20T09:30:30Z

Modified

2025-07-29T13:27:25.994573Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page

Details

Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the comliferayadaptivemediawebportletAMPortletredirect parameter.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2024-02-20T07:15:08Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed_at": "2025-07-29T12:24:35Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven / com.liferay:com.liferay.adaptive.media.web

Package

Name: com.liferay:com.liferay.adaptive.media.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.adaptive.media.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2023.Q3

Fixed

2023.Q3.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-3mrr-cw9q-727m/GHSA-3mrr-cw9q-727m.json"

Maven / com.liferay:com.liferay.adaptive.media.web

Package

Name: com.liferay:com.liferay.adaptive.media.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.adaptive.media.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.4.0

Last affected

7.4.13.u92

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-3mrr-cw9q-727m/GHSA-3mrr-cw9q-727m.json"