cvedb.io
CVE-2023-35030
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-06-15T05:15:09.857 · Last modified 2026-06-17T06:04:17.587

Summary

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Affected products

liferay — dxp

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.