CVE-2022-28977: 
Java vulnerability analysis and mitigation

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 contains a security vulnerability that can be circumvented by using multiple forward slashes. The vulnerability was assigned CVE-2022-28977 and was published on September 21, 2022 (NVD).

The vulnerability allows remote attackers to redirect users to arbitrary external URLs through multiple parameters including the 'redirect' parameter, 'FORWARD_URL' parameter, and other parameters that rely on HtmlUtil.escapeRedirect. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. It is classified as CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (NVD, Liferay Advisory).

The vulnerability enables attackers to bypass URL redirection protections, potentially allowing them to redirect users to malicious external websites. This could lead to phishing attacks or other malicious activities where users might unknowingly be directed to harmful sites while believing they are accessing legitimate resources (NVD).

Fixed versions have been released to address this vulnerability. For Liferay Portal, users should upgrade to version 7.4.3.4 or apply the January 2022 source patch for Liferay Portal 7.3.7. Details for working with source patches can be found on the Patching Liferay Portal page (Liferay Advisory).