CVE-2025-43785

EPSS 0.06%
Veröffentlicht 10.09.2025 16:19:07
Zuletzt bearbeitet 16.12.2025 15:07:24
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks page.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version >= 2024.Q1.1 < 2024.Q1.13

Liferay ≫ Digital Experience Platform Version >= 2024.Q2.0 <= 2024.Q2.9

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate63

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate64

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate65

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate66

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate67

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate68

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate69

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92

Liferay ≫ Liferay Portal Version >= 7.4.3.45 < 7.4.3.129

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security@liferay.com	4.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43785

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-43785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-43785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-43785

EUVD