Liferay Portal, Reflected Cross-Site Scripting, CVE-2025-XXXX (Moderate)


This CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in Liferay Portal. The flaw lies in the handling of the `redirect` parameter in the Announcements and Alerts portlets. In affected versions, the parameter's value is not properly sanitized before being included in the HTML of the server's response. An attacker can exploit this by crafting a malicious URL that carries a script payload in the `redirect` parameter. When an authenticated user is tricked into clicking that link, the embedded JavaScript runs in the victim's browser in the context of their Liferay Portal session. This lets the attacker perform any action the user is authorized to perform, such as stealing session cookies or manipulating the DOM, without directly compromising the server.

Platform: Liferay Portal/DXP
Version: 7.4.3.74-7.4.3.111
Vulnerability: Reflected XSS
Severity: Moderate

Date: 2025-09-29

Prediction: 2025-10-20

What Undercode Says:

curl -s "http://liferay-instance.com/group/guest/announcements?redirect=javascript:alert(document.domain)"

<script>
var xhr = new XMLHttpRequest();
xhr.open('GET', '/api/jsonws/user/get-current-user');
xhr.withCredentials = true;
xhr.send();
</script>

How to Exploit:

The attacker crafts a URL with a script payload in the `redirect` parameter and uses social engineering to get the victim to click the link; the payload then executes in the victim's session.

Protection from this CVE

Update to patched version 7.4.3.112. Implement strict input validation on all `redirect` parameters. Deploy a Content Security Policy (CSP).
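What "strict input validation on redirect parameters" plus output encoding looks like in practice, as an added example in Java (the language Liferay is written in); this is not Liferay's own code and not from the original post, and the class name and the allowed host `portal.example.com` are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/** Added example, not Liferay code: accept only safe redirect targets and encode them on output. */
public final class SafeRedirect {

    // Hosts the portal may redirect to; "portal.example.com" is an assumed value.
    private static final Set<String> ALLOWED_HOSTS = Set.of("portal.example.com");

    /** Returns redirect if it is a same-site target, otherwise fallback. */
    public static String sanitize(String redirect, String fallback) {
        if (redirect == null || redirect.trim().isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            // Throws on whitespace, control characters and backslashes ("/\evil.example"),
            // so those browser-normalised tricks never reach the checks below.
            uri = new URI(redirect);
        } catch (URISyntaxException e) {
            return fallback;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // Relative target: must be a plain path, not scheme-relative ("//evil.example").
            boolean plainPath = uri.getAuthority() == null
                && redirect.startsWith("/") && !redirect.startsWith("//");
            return plainPath ? redirect : fallback;
        }
        // Absolute target: http(s) only (rejects javascript:, data:, vbscript:) and an allowed host.
        String s = scheme.toLowerCase(Locale.ROOT);
        String host = uri.getHost();
        boolean ok = (s.equals("http") || s.equals("https"))
            && host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        return ok ? redirect : fallback;
    }

    /** Encode the value before reflecting it into HTML text or a quoted attribute ('&' first). */
    public static String htmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
            .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```

With this in place, `sanitize("javascript:alert(document.domain)", "/")` and `sanitize("//evil.example/x", "/")` both fall back to `/`, while `sanitize("/group/guest/announcements", "/")` is returned unchanged; whatever survives should still go through `htmlEscape` at the point it is written into the page, and a CSP remains a separate, defence-in-depth layer.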

Impact:

Session hijacking. Unauthorized actions. Data theft.


Sources:

Reported By: github.com
