{"uuid": "9c9bb4b7-b11b-44f3-99cc-5d2f70d4b211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28977", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17674", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-28977\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.\n\ud83d\udccf Published: 2022-09-22T00:02:08.000Z\n\ud83d\udccf Modified: 2025-05-27T16:00:50.051Z\n\ud83d\udd17 References:\n1. http://liferay.com\n2. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash", "creation_timestamp": "2025-05-27T16:53:05.000000Z"}