PT-2024-13188 · Liferay · Liferay Dxp

Amin Achour · Published 2024-02-19 · Updated 2024-02-20 · CVE-2023-44308

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Liferay DXP versions 7.4 GA through update 92
Liferay DXP 2023.Q3 before patch 6

Description

The issue allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter in the adaptive media administration page.

Recommendations

For Liferay DXP versions 7.4 GA through update 92, update to a version after update 92 to resolve the issue. For Liferay DXP 2023.Q3 before patch 6, apply patch 6 to fix the problem. As a temporary workaround, consider restricting access to the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter in the adaptive media administration page until a patch is applied.
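
Until the patch is applied, access logs can be reviewed for requests whose redirect parameter points off-site. The following is an added example, not part of the advisory or of Liferay's code; the trusted host name, the log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter named in the advisory description.
REDIRECT_PARAM = "_com_liferay_adaptive_media_web_portlet_AMPortlet_redirect"
# Assumption: host names that legitimately serve this portal.
TRUSTED_HOSTS = {"portal.example.com"}
# Assumption: combined-log-format request field, e.g. "GET /x?y=z HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def redirect_target_is_external(value, trusted_hosts=TRUSTED_HOSTS):
    """Return True if a decoded redirect value would leave the trusted hosts."""
    # Browsers read "\" as "/" and drop control characters, so normalise first.
    cleaned = "".join(ch for ch in value.strip() if ch >= " ").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparseable authority: treat as suspicious
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True  # non-web schemes are never valid redirect targets
    if not parts.netloc:
        return False  # plain relative path stays on the portal
    return (parts.hostname or "").lower() not in trusted_hosts

def flag_log_lines(lines):
    """Return (line number, decoded value) for each off-site redirect value."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query).get(REDIRECT_PARAM, []):
            if redirect_target_is_external(value):
                findings.append((lineno, value))
    return findings

# Constructed sample lines (addresses, paths and hosts are placeholders).
_PRE = '198.51.100.7 - - [19/Feb/2024:10:01:02 +0000] "GET /constructed/path?'
SAMPLE_LOG = [
    f'{_PRE}{REDIRECT_PARAM}=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0',
    f'{_PRE}{REDIRECT_PARAM}=%2Fgroup%2Fguest%2Fhome HTTP/1.1" 302 0',
    f'{_PRE}{REDIRECT_PARAM}=%2F%5Cevil.example HTTP/1.1" 302 0',
    f'{_PRE}{REDIRECT_PARAM}=https%3A%2F%2Fportal.example.com%2Fweb HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for lineno, value in flag_log_lines(SAMPLE_LOG):
        print(f"line {lineno}: off-site redirect value {value!r}")
```

The same `redirect_target_is_external` check can back a reverse-proxy or WAF rule that rejects such requests while the update is pending.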

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2023-44308
GHSA-3MRR-CW9Q-727M

Affected Products

Liferay Dxp