Description
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cloaking (2.2.9)
MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980)
WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)
Apache Tomcat version older than 6.0.35
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)