Количество 2
Количество 2
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
GHSA-p2fc-xxr8-fw3p
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35030 Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | CVSS3: 8.8 | 1% Низкий | больше 2 лет назад |
| GHSA-p2fc-xxr8-fw3p Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module | CVSS3: 8.8 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу