Abderrahmane Bounhidja

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.97 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay Portal 7.4 GA through update 92 **Description** An open redirect issue exists in page administration functionality. This allows remote attackers to redirect users to arbitrary external URLs via the ` com liferay layout admin web portlet GroupPagesPortlet redirect` parameter. **Recommendations** Liferay Portal versions 7.3 GA through update 35: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay Portal versions 7.4.0 through 7.4.3.97: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay DXP versions 2023.Q3.1 through 2023.Q3.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay DXP version 2023.Q4.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay Portal 7.4 GA through update 92: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 GA through update 35 Older unsupported versions Description: An open redirect issue exists in System Settings, Instance Settings, and Site Settings. This allows remote attackers to redirect users to arbitrary external URLs via the ` com liferay configuration admin web portlet SystemSettingsPortlet redirect` parameter, the ` com liferay configuration admin web portlet InstanceSettingsPortlet redirect` parameter, and the ` com liferay site admin web portlet SiteSettingsPortlet redirect` parameter. Recommendations: Liferay Portal versions 7.1.0 through 7.4.3.101: Update to a version beyond 7.4.3.101. Liferay DXP versions 2023.Q3.1 through 2023.Q3.4: Update to a version beyond 2023.Q3.4. Liferay Portal 7.4 GA through update 92: Update to a version beyond update 92. Liferay Portal 7.3 GA through update 35: Update to a version beyond update 35. Older unsupported versions: Update to a supported version.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.0.0 through 7.4.3.87 Liferay DXP versions 7.4 GA through update 87 Liferay DXP versions 7.3 GA through update 29 **Description** A cross-site scripting (XSS) issue in the edit Service Access Policy page allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field. This enables attackers to execute malicious scripts on the victim's browser. **Recommendations** For Liferay Portal versions 7.0.0 through 7.4.3.87, update to the latest version to mitigate the issue. For Liferay DXP versions 7.4 GA through update 87, apply the recommended patches and update to the latest version. For Liferay DXP versions 7.3 GA through update 29, apply the recommended patches and update to the latest version. As a temporary workaround, consider restricting access to the edit Service Access Policy page until a patch is available. Avoid using the `Service Class` text field in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tungsten Automation (Kofax) TotalAgility versions all through 7.9.0.25.0.954 **Description** The issue is a Reflected XSS vulnerability that can be exploited through manipulation of the `mfpConnectionId` parameter in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx". This allows for the injection of malicious JavaScript code, potentially leading to information leaks. Exploitation is only possible using POST requests and also requires retrieving or generating a proper `VIEWSTATE` parameter. **Recommendations** For versions all through 7.9.0.25.0.954, consider disabling the `mfpConnectionId` parameter manipulation in the affected endpoints as a temporary workaround until a patch is available. Restrict access to the vulnerable endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx" to minimize the risk of exploitation. Avoid using the `mfpConnectionId` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tungsten Automation (Kofax) TotalAgility versions all through 7.9.0.25.0.954 **Description** The issue allows for Reflected XSS attacks through manipulation of the `mfpScreenResolutionWidth` parameter in a form sent to the "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" endpoint. This enables the injection of malicious JavaScript code, potentially leading to information leaks. Exploitation is limited to POST requests and requires a proper `VIEWSTATE` parameter, which reduces the risk of a successful attack. **Recommendations** For versions all through 7.9.0.25.0.954, as a temporary workaround, consider restricting access to the `/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx` endpoint until a patch is available. Additionally, avoid using the `mfpScreenResolutionWidth` parameter in the affected form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.