HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay digital Experience Platform Liferay liferay Portal |
|
CPEs | cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Liferay
Liferay digital Experience Platform Liferay liferay Portal |
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-20T09:26:10.743Z
Updated: 2024-08-01T23:44:09.704Z
Reserved: 2024-02-08T13:57:11.426Z
Link: CVE-2024-25608
Vulnrichment
Updated: 2024-08-01T23:44:09.704Z
NVD
Status : Analyzed
Published: 2024-02-20T10:15:08.530
Modified: 2024-12-11T17:56:22.230
Link: CVE-2024-25608
Redhat
No data.