5.4
CVE-2025-43753
- EPSS 0.03%
- Veröffentlicht 21.08.2025 22:23:13
- Zuletzt bearbeitet 15.12.2025 19:50:08
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version >= 2024.Q1.1 < 2024.Q1.17
Liferay ≫ Digital Experience Platform Version >= 2024.Q2.1 <= 2024.Q2.13
Liferay ≫ Digital Experience Platform Version >= 2024.q3.1 <= 2024.q3.13
Liferay ≫ Digital Experience Platform Version >= 2024.q4.0 <= 2024.q4.7
Liferay ≫ Digital Experience Platform Version >= 2025.Q1.0 < 2025.Q1.8
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate63
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate64
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate65
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate66
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate67
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate68
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate69
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92
Liferay ≫ Liferay Portal Version >= 7.4.3.32 <= 7.4.3.132
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.079 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| security@liferay.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.