Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-28977 - Vulnerability Database
Liferay Portal

Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-28977

Medium
Reference: CVE-2022-28977
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28977
Title: Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2 and Liferay DXP 7.0 fix pack 91 through 101 7.1 fix pack 17 through 25 7.2 fix pack 5 through 14 and 7.3 before service pack 3 can be circumvented by using multiple forward slashes which allows remote attackers to redirect users to arbitrary external URLs via the (1) 39redirect parameter (2) FORWARD_URL parameter and (3) others parameters that rely on HtmlUtil.escapeRedirect.