Vulnerability Database

CVE-2022-28977

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect' parameter, (2) 'FORWARD_URL' parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.

  • Published: Sep 22, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-28977
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| liferay / dxp | 7.3 | 7.3.x |
| liferay / dxp | 7.3-sp1 | 7.3-sp1.x |
| liferay / dxp | 7.3-sp2 | 7.3-sp2.x |
| liferay / liferay_portal | 7.3.1 | 7.4.3.4 |
| liferay / digital_experience_platform | 7.2 | 7.2.x |
| liferay / digital_experience_platform | 7.2-fix_pack_5 | 7.2-fix_pack_5.x |
| liferay / digital_experience_platform | 7.1-fix_pack_17 | 7.1-fix_pack_17.x |
| liferay / digital_experience_platform | 7.1 | 7.1.x |
| liferay / digital_experience_platform | 7.1-fix_pack_19 | 7.1-fix_pack_19.x |
| liferay / digital_experience_platform | 7.0 | 7.0.x |
| liferay / digital_experience_platform | 7.2-fix_pack_6 | 7.2-fix_pack_6.x |
| liferay / digital_experience_platform | 7.2-fix_pack_7 | 7.2-fix_pack_7.x |
| liferay / digital_experience_platform | 7.2-fix_pack_8 | 7.2-fix_pack_8.x |
| liferay / digital_experience_platform | 7.2-fix_pack_9 | 7.2-fix_pack_9.x |
| liferay / digital_experience_platform | 7.1-fix_pack_18 | 7.1-fix_pack_18.x |
| liferay / digital_experience_platform | 7.0-fix_pack_91 | 7.0-fix_pack_91.x |
| liferay / digital_experience_platform | 7.0-fix_pack_92 | 7.0-fix_pack_92.x |
| liferay / digital_experience_platform | 7.0-fix_pack_93 | 7.0-fix_pack_93.x |
| liferay / digital_experience_platform | 7.0-fix_pack_94 | 7.0-fix_pack_94.x |
| liferay / digital_experience_platform | 7.0-fix_pack_95 | 7.0-fix_pack_95.x |
| liferay / digital_experience_platform | 7.0-fix_pack_96 | 7.0-fix_pack_96.x |
| liferay / digital_experience_platform | 7.1-fix_pack_20 | 7.1-fix_pack_20.x |
| liferay / digital_experience_platform | 7.2-fix_pack_10 | 7.2-fix_pack_10.x |
| liferay / digital_experience_platform | 7.2-fix_pack_11 | 7.2-fix_pack_11.x |
| liferay / digital_experience_platform | 7.1-fix_pack_21 | 7.1-fix_pack_21.x |
| liferay / digital_experience_platform | 7.1-fix_pack_22 | 7.1-fix_pack_22.x |
| liferay / digital_experience_platform | 7.1-fix_pack_23 | 7.1-fix_pack_23.x |
| liferay / digital_experience_platform | 7.1-fix_pack_24 | 7.1-fix_pack_24.x |
| liferay / digital_experience_platform | 7.1-fix_pack_25 | 7.1-fix_pack_25.x |
| liferay / digital_experience_platform | 7.2-fix_pack_14 | 7.2-fix_pack_14.x |
| liferay / digital_experience_platform | 7.2-fix_pack_12 | 7.2-fix_pack_12.x |
| liferay / digital_experience_platform | 7.2-fix_pack_13 | 7.2-fix_pack_13.x |
| liferay / digital_experience_platform | 7.0-fix_pack_97 | 7.0-fix_pack_97.x |
| liferay / digital_experience_platform | 7.0-fix_pack_98 | 7.0-fix_pack_98.x |
| liferay / digital_experience_platform | 7.0-fix_pack_99 | 7.0-fix_pack_99.x |
| liferay / digital_experience_platform | 7.0-fix_pack_100 | 7.0-fix_pack_100.x |
| liferay / digital_experience_platform | 7.0-fix_pack_101 | 7.0-fix_pack_101.x |