Cross-Site Request Forgery in Liferay Portal's Layout Module SEO Configuration
CVE-2023-35030
8.8 HIGH
What is CVE-2023-35030?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the SEO configuration of the Layout module within Liferay Portal versions 7.4.3.70 to 7.4.3.76 and Liferay DXP 7.4 update 70 to 76. This flaw enables remote attackers to execute arbitrary code in the scripting console via the '_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL' parameter, potentially compromising the integrity and security of affected installations.
Affected Version(s)
DXP: 7.4.13.u70 through 7.4.13.u76
Portal: 7.4.3.70 through 7.4.3.76