PT-2025-33648 · Liferay · Liferay Dxp 2025.Q1.7+2
Published: 2025-08-18 · Updated: 2025-08-18 · CVE-2025-43733
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Liferay Portal version 7.4.3.132
Liferay DXP versions 2025.Q1.0 through 2025.Q1.7
Description:
A reflected cross-site scripting (XSS) vulnerability allows a remote authenticated attacker to inject JavaScript code via the content page’s name field. The payload is then reflected and executed in the browser of a user who views the "document View Usages" page.
Recommendations:
Liferay Portal version 7.4.3.132: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Liferay DXP versions 2025.Q1.0 through 2025.Q1.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Liferay Dxp 2025.Q1.0
Liferay Dxp 2025.Q1.7
Liferay Portal 7.4.3.132