CVE-2024-25608
MEDIUM6.1EPSS 17.6%Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
Published: 2/20/2024Modified: 7/29/2025
Also known as:GHSA-548x-j6x6-hcv4
Description
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
Affected packages (2)
- Maven/com.liferay.portal:release.dxp.bomfrom 0, < 7.2.10.fp19
- Maven/com.liferay.portal:release.portal.bom>= 7.2.0, < 7.4.3.19-ga19
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-25608
- PATCHhttps://github.com/liferay/liferay-portal
- WEBhttps://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
- WEBhttps://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
- WEBhttps://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608