Description

Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.

Remediation

References

CVE-2021-33331

Related Vulnerabilities

WordPress Plugin Ultimate Membership Pro Security Bypass (8.6)

WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)

WordPress 7PK - Security Features Vulnerability (CVE-2014-9039)

Moodle Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-5153)

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)

Severity

Medium

Classification

CVE-2021-33331 CWE-601

Tags

Missing Update Known Vulnerabilities