CVE-2022-28977

moderate-risk
Published 2022-09-22

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.

Do I need to act?

-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Liferay

References (4)

Product http://liferay.com
Patch https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishe...
Product http://liferay.com
Patch https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishe...
49
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 2/34 · Minimal
Exposure 24/34 · High