First published: Thu Jun 15 2023
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Credit: security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.4-update_70 | |
Liferay DXP | =7.4-update_71 | |
Liferay DXP | =7.4-update_72 | |
Liferay DXP | =7.4-update_73 | |
Liferay DXP | =7.4-update_74 | |
Liferay DXP | =7.4-update_75 | |
Liferay DXP | =7.4-update_76 | |
Liferay Portal | >=7.4.3.70 <7.4.3.77 | |
CVE-2023-35030 is a Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal and Liferay DXP.
CVE-2023-35030 affects Liferay Portal 7.4.3.70 through 7.4.3.76 and Liferay DXP 7.4 update 70 through 76.
CVE-2023-35030 has a severity rating of 8.8 (High).
Remote attackers can execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_Gro...
Yes, a fix is available for CVE-2023-35030. Please refer to the official reference for more information.