Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Liferay DXP 代码问题漏洞
Vulnerability Description
Liferay DXP是美国Liferay公司的一套数字化体验协作平台。 Liferay DXP 2025.Q2.0至2025.Q2.3版本存在代码问题漏洞,该漏洞源于analytics.cloud.domain.allowed域名验证不安全,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A