Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Digital_experience_platform | Liferay | 7.4-update45 (including) | 7.4-update45 (including) |
Digital_experience_platform | Liferay | 7.4-update46 (including) | 7.4-update46 (including) |
Digital_experience_platform | Liferay | 7.4-update47 (including) | 7.4-update47 (including) |
Digital_experience_platform | Liferay | 7.4-update48 (including) | 7.4-update48 (including) |
Digital_experience_platform | Liferay | 7.4-update49 (including) | 7.4-update49 (including) |
Digital_experience_platform | Liferay | 7.4-update50 (including) | 7.4-update50 (including) |
Digital_experience_platform | Liferay | 7.4-update51 (including) | 7.4-update51 (including) |
Digital_experience_platform | Liferay | 7.4-update52 (including) | 7.4-update52 (including) |
Digital_experience_platform | Liferay | 7.4-update53 (including) | 7.4-update53 (including) |
Digital_experience_platform | Liferay | 7.4-update54 (including) | 7.4-update54 (including) |
Digital_experience_platform | Liferay | 7.4-update55 (including) | 7.4-update55 (including) |
Digital_experience_platform | Liferay | 7.4-update56 (including) | 7.4-update56 (including) |
Digital_experience_platform | Liferay | 7.4-update57 (including) | 7.4-update57 (including) |
Digital_experience_platform | Liferay | 7.4-update58 (including) | 7.4-update58 (including) |
Digital_experience_platform | Liferay | 7.4-update59 (including) | 7.4-update59 (including) |
Digital_experience_platform | Liferay | 7.4-update60 (including) | 7.4-update60 (including) |
Digital_experience_platform | Liferay | 7.4-update61 (including) | 7.4-update61 (including) |
Digital_experience_platform | Liferay | 7.4-update62 (including) | 7.4-update62 (including) |
Digital_experience_platform | Liferay | 7.4-update63 (including) | 7.4-update63 (including) |
Digital_experience_platform | Liferay | 7.4-update64 (including) | 7.4-update64 (including) |
Digital_experience_platform | Liferay | 7.4-update65 (including) | 7.4-update65 (including) |
Digital_experience_platform | Liferay | 7.4-update66 (including) | 7.4-update66 (including) |
Digital_experience_platform | Liferay | 7.4-update67 (including) | 7.4-update67 (including) |
Digital_experience_platform | Liferay | 7.4-update68 (including) | 7.4-update68 (including) |
Digital_experience_platform | Liferay | 7.4-update69 (including) | 7.4-update69 (including) |
Digital_experience_platform | Liferay | 7.4-update70 (including) | 7.4-update70 (including) |
Digital_experience_platform | Liferay | 7.4-update71 (including) | 7.4-update71 (including) |
Digital_experience_platform | Liferay | 7.4-update72 (including) | 7.4-update72 (including) |
Digital_experience_platform | Liferay | 7.4-update73 (including) | 7.4-update73 (including) |
Digital_experience_platform | Liferay | 7.4-update74 (including) | 7.4-update74 (including) |
Digital_experience_platform | Liferay | 7.4-update75 (including) | 7.4-update75 (including) |
Digital_experience_platform | Liferay | 7.4-update76 (including) | 7.4-update76 (including) |
Digital_experience_platform | Liferay | 7.4-update77 (including) | 7.4-update77 (including) |
Digital_experience_platform | Liferay | 7.4-update78 (including) | 7.4-update78 (including) |
Digital_experience_platform | Liferay | 7.4-update79 (including) | 7.4-update79 (including) |
Digital_experience_platform | Liferay | 7.4-update80 (including) | 7.4-update80 (including) |
Digital_experience_platform | Liferay | 7.4-update81 (including) | 7.4-update81 (including) |
Digital_experience_platform | Liferay | 7.4-update82 (including) | 7.4-update82 (including) |
Digital_experience_platform | Liferay | 7.4-update83 (including) | 7.4-update83 (including) |
Digital_experience_platform | Liferay | 7.4-update84 (including) | 7.4-update84 (including) |
Digital_experience_platform | Liferay | 7.4-update85 (including) | 7.4-update85 (including) |
Digital_experience_platform | Liferay | 7.4-update86 (including) | 7.4-update86 (including) |
Digital_experience_platform | Liferay | 7.4-update87 (including) | 7.4-update87 (including) |
Digital_experience_platform | Liferay | 7.4-update88 (including) | 7.4-update88 (including) |
Digital_experience_platform | Liferay | 7.4-update89 (including) | 7.4-update89 (including) |
Digital_experience_platform | Liferay | 7.4-update90 (including) | 7.4-update90 (including) |
Digital_experience_platform | Liferay | 7.4-update91 (including) | 7.4-update91 (including) |
Digital_experience_platform | Liferay | 7.4-update92 (including) | 7.4-update92 (including) |
Digital_experience_platform | Liferay | 2023.q3.0 (including) | 2023.q3.0 (including) |
Digital_experience_platform | Liferay | 2023.q3.1 (including) | 2023.q3.1 (including) |
Digital_experience_platform | Liferay | 2023.q3.2 (including) | 2023.q3.2 (including) |
Digital_experience_platform | Liferay | 2023.q3.3 (including) | 2023.q3.3 (including) |
Digital_experience_platform | Liferay | 2023.q3.4 (including) | 2023.q3.4 (including) |
Digital_experience_platform | Liferay | 2023.q3.5 (including) | 2023.q3.5 (including) |
Liferay_portal | Liferay | 7.4.3.45 (including) | 7.4.3.102 (excluding) |
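
The description above names the redirect parameter. As an added example (not part of the original advisory and not Liferay code), the following Python sketch scans web access logs for requests where that parameter points off-site. The combined log format, the request path, the client addresses, the host names and the allow-list are constructed assumptions; only the parameter name comes from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter name taken from the advisory text.
PARAM = "_com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def redirect_target_host(value):
    """Return the host a redirect value resolves to, or None for a path-only value."""
    # Browsers treat "\" like "/" and drop tabs/newlines, so "/\host" means "//host".
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    try:
        return urlsplit(cleaned).hostname
    except ValueError:
        return "<unparseable>"  # malformed authority: report rather than ignore

def find_offsite_redirects(log_lines, allowed_hosts):
    """Return (client_ip, target_host) for each request redirecting outside allowed_hosts."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes
            if name != PARAM:
                continue
            host = redirect_target_host(value)
            if host and host not in allowed_hosts:
                hits.append((line.split()[0], host))
    return hits

# Constructed sample data: hypothetical path, hosts and documentation-range IPs.
ALLOWED = {"portal.example.org"}
_TS = '- - [10/Jan/2024:10:00:00 +0000]'
SAMPLE_LOG = [
    f'192.0.2.10 {_TS} "GET /some/page?{PARAM}=%2Fgroup%2Fguest%2Fhome HTTP/1.1" 200 512',
    f'198.51.100.7 {_TS} "GET /some/page?{PARAM}=https%3A%2F%2Flogin.example.net%2Fsignin HTTP/1.1" 302 0',
    f'198.51.100.8 {_TS} "GET /some/page?{PARAM}=%2F%5Cportal.example.org.example.net HTTP/1.1" 302 0',
    f'192.0.2.11 {_TS} "GET /some/page?{PARAM}=https%3A%2F%2Fportal.example.org%2Fweb%2Fguest HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, host in find_offsite_redirects(SAMPLE_LOG, ALLOWED):
        print(f"{ip} -> {host}")
```

The same host comparison, applied server-side before issuing the redirect, is the usual mitigation pattern for this weakness class on versions that cannot be patched immediately.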