CVE-2023-35030

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 15, 2023

Updated: Jun 22, 2023

CWE ID 352

Summary

CVE-2023-35030 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Liferay Portal versions 7.4.3.70 through 7.4.3.76, and Liferay DXP updates 70 through 76. This issue enables remote attackers to execute arbitrary code in the scripting console by manipulating the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter in a CSRF request, exploiting the SEO configuration in the Layout module. This could potentially result in serious security breaches if left unpatched.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Liferay Portal

Affected Vendors

Liferay

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ron__2
https://www.cve.org/CVERecord?id=CVE-2023-35030
https://nvd.nist.gov/vuln/detail/CVE-2023-35030

Back to Vulnerability Database