CVE-2025-43755

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter.
CVSS

No CVSS.

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Cross-Site Scripting almacenado en Liferay Portal 7.4.0 a 7.4.3.132, y Liferay DXP 2025.Q2.0, 2025.Q1.0 a 2025.Q1.13, 2024.Q4.0 a 2024.Q4.7, 2024.Q3.0 a 2024.Q3.13, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.17 y 7.4 GA hasta la actualización 92 permite a un atacante autenticado remoto inyectar JavaScript en el parámetro _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type.

21 Aug 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-21 17:15

Updated : 2025-08-22 18:08


NVD link : CVE-2025-43755

Mitre link : CVE-2025-43755

CVE.ORG link : CVE-2025-43755


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')