Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter.

Affected Packages

Maven com.liferay:com.liferay.adaptive.media.web

Affected versions: 2023.Q3 (fixed in 2023.Q3.6)

Maven com.liferay:com.liferay.adaptive.media.web

Affected versions: 7.4.0 (last affected: 7.4.13.u92)

Related CVEs

CVE-2023-44308

Key Information

GHSA ID

GHSA-3mrr-cw9q-727m

Published

February 20, 2024 9:30 AM

Last Modified

July 29, 2025 12:24 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.liferay:com.liferay.adaptive.media.web

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.