Description

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

Remediation

References

CVE-2025-43767

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4301)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)

Django CVE-2024-41990 Vulnerability (CVE-2024-41990)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35626)

MySQL CVE-2018-2776 Vulnerability (CVE-2018-2776)

Severity

Medium

Classification

CVE-2025-43767 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities