Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-25609 - Vulnerability Database
Liferay Portal

Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-25609

Medium
Reference: CVE-2024-25609
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-25609
Title: Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12 and older unsupported versions and Liferay DXP 7.4 before update 9 7.3 service pack 3 7.2 fix pack 15 through 18 and older unsupported versions can be circumvented by using two forward slashes which allows remote attackers to redirect users to arbitrary external URLs via the (1) 39redirect parameter (2) FORWARD_URL parameter and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.