CVE-2023-35030

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35030

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35030.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-35030

Published

2023-06-15T05:15:09Z

Modified

2025-03-05T20:50:21Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35030

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

08f398396f8940c875a0c03d8a62c8a592d73ee7

Fixed

bc02d1052892aef608d5909996d3571bdbd17c8d