Liferay DXP 7.4 Update 72

CPE Details

Liferay DXP 7.4 Update 72
liferay
dxp
7.4
2023-06-21
10h55 +00:00
2023-07-12
07h44 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:liferay:dxp:7.4:update_72:*:*:*:*:*:*

Informations

Vendor

liferay

Product

dxp

Version

7.4

Update

update_72

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-35030 2023-06-15 04h06 +00:00 Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
8.8
Haute
CVE-2023-35029 2023-06-15 03h59 +00:00 Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
6.1
Moyen
CVE-2023-3193 2023-06-15 03h47 +00:00 Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
6.1
Moyen