An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1wMmZjLXh4cjgtZnczcM4AAz3w

Severity: High
EPSS: 0.00572% (0.67673 percentile)

Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module

Affected package: maven:com.liferay.portal:release.dxp.bom
Affected versions: >= 7.4.13.u70, <= 7.4.13.u76
Fixed versions: No known fixed version
Dependent packages: 0
Dependent repositories: 2

Affected Version Ranges

All affected versions

7.4.1-3.u70, 7.4.1-3.u71, 7.4.1-3.u72, 7.4.1-3.u73, 7.4.1-3.u74, 7.4.1-3.u75, 7.4.1-3.u76

Affected package: maven:com.liferay.portal:release.portal.bom
Affected versions: >= 7.4.3.70-ga70, < 7.4.3.77-ga77
Fixed versions: 7.4.3.77-ga77
Dependent packages: 5
Dependent repositories: 33

Affected Version Ranges

All affected versions

All unaffected versions

7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2

A cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76 and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.

References: