Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17022

Open redirect vulnerability in Workflow notifications

Details

    • CVE-2021-33331
    • 6.1
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    • 94
    • 19
    • 8

    Description

      Open redirect vulnerability in the notifications module in Liferay DXP 7.0, 7.1 and 7.2 allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.

      Attachments

        Activity

          People

            support-ee EE Support
            daniel.couso Daniel Couso
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE