Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-25608 - Vulnerability Database
Liferay Portal

Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-25608

Medium
Reference: CVE-2024-25608
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-25608
Title: Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18 and older unsupported versions and Liferay DXP 7.4 before update 19 7.3 before update 4 7.2 before fix pack 19 and older unsupported versions can be circumvented by using the 39REPLACEMENT CHARACTER39 (UFFFD) which allows remote attackers to redirect users to arbitrary external URLs via the (1) 39redirect parameter (2) FORWARD_URL parameter (3) noSuchEntryRedirect parameter and (4) others parameters that rely on HtmlUtil.escapeRedirect.