CVE-2023-5190

CVSS V2 None CVSS V3 None

Description

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

Overview

CVE ID
CVE-2023-5190

Assigner
Liferay

Vulnerability Status
PUBLISHED

Published Version
2024-02-20T06:03:45.941Z

Last Modified Date
2024-02-20T06:03:45.941Z

Weakness Enumerations

CWE	URL
CWE-601	http://cwe.mitre.org/data/definitions/601.html

References

Reference URL	Reference Tags
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190	vendor-advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5190
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5190

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 04:44:55				Added to TrackCVE