{"id":"CVE-2023-5190","details":"Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.","aliases":["GHSA-f3rf-cr7f-cwc4"],"modified":"2026-04-11T12:46:28.539047Z","published":"2024-02-20T06:15:07.680Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.1"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.2"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.3"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.4"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.5:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"2023.q3.5"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update45"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update46"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update47"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update48"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update49"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update50"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update51"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update52"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update53"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update54"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update55"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update56"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update57"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update58"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update59"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update60"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update61"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update62"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update63"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update64"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update65"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update66"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update67"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update68"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update69"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update70"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update71"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update72"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update73"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update74"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update75"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update76"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update77"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update78"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update79"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update80"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update81"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update82"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update83"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update84"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update85"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update86"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update87"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update88"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update89"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update90"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update91"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.4-update92"}]}]},"references":[{"type":"ADVISORY","url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liferay/liferay-portal","events":[{"introduced":"71fe1369ea8203d8e1d3984d91e097de267c7ead"},{"fixed":"075b1fec5e8ec7b940ea2780fe3c5c7a9d51ca74"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"7.4.3.45"},{"fixed":"7.4.3.102"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5190.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}