← Back

CVE-2023-5190

nvd nist
Published: Feb 20, 2024Modified: Jan 28, 2025

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

Affected (55)

Liferay
2 products
Digital Experience Platform
Liferay Portal
Configuration A
55 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Digital Experience Platform
Version 2023.q3.0
Digital Experience Platform
Version 2023.q3.1
Digital Experience Platform
Version 2023.q3.2
Digital Experience Platform
Version 2023.q3.3
Digital Experience Platform
Version 2023.q3.4
Digital Experience Platform
Version 2023.q3.5
Digital Experience Platform
Version 7.4 update45
Digital Experience Platform
Version 7.4 update46
Digital Experience Platform
Version 7.4 update47
Digital Experience Platform
Version 7.4 update48
Digital Experience Platform
Version 7.4 update49
Digital Experience Platform
Version 7.4 update50
Digital Experience Platform
Version 7.4 update51
Digital Experience Platform
Version 7.4 update52
Digital Experience Platform
Version 7.4 update53
Digital Experience Platform
Version 7.4 update54
Digital Experience Platform
Version 7.4 update55
Digital Experience Platform
Version 7.4 update56
Digital Experience Platform
Version 7.4 update57
Digital Experience Platform
Version 7.4 update58
Digital Experience Platform
Version 7.4 update59
Digital Experience Platform
Version 7.4 update60
Digital Experience Platform
Version 7.4 update61
Digital Experience Platform
Version 7.4 update62
Digital Experience Platform
Version 7.4 update63
Digital Experience Platform
Version 7.4 update64
Digital Experience Platform
Version 7.4 update65
Digital Experience Platform
Version 7.4 update66
Digital Experience Platform
Version 7.4 update67
Digital Experience Platform
Version 7.4 update68
Digital Experience Platform
Version 7.4 update69
Digital Experience Platform
Version 7.4 update70
Digital Experience Platform
Version 7.4 update71
Digital Experience Platform
Version 7.4 update72
Digital Experience Platform
Version 7.4 update73
Digital Experience Platform
Version 7.4 update74
Digital Experience Platform
Version 7.4 update75
Digital Experience Platform
Version 7.4 update76
Digital Experience Platform
Version 7.4 update77
Digital Experience Platform
Version 7.4 update78
Digital Experience Platform
Version 7.4 update79
Digital Experience Platform
Version 7.4 update80
Digital Experience Platform
Version 7.4 update81
Digital Experience Platform
Version 7.4 update82
Digital Experience Platform
Version 7.4 update83
Digital Experience Platform
Version 7.4 update84
Digital Experience Platform
Version 7.4 update85
Digital Experience Platform
Version 7.4 update86
Digital Experience Platform
Version 7.4 update87
Digital Experience Platform
Version 7.4 update88
Digital Experience Platform
Version 7.4 update89
Digital Experience Platform
Version 7.4 update90
Digital Experience Platform
Version 7.4 update91
Digital Experience Platform
Version 7.4 update92
Liferay Portal
From 7.4.3.45 to 7.4.3.102

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: security@liferay.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.