CVE-2025-43755

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q2.0 Liferay DXP versions 2025.Q1.0 through 2025.Q1.13 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q1.1 through 2024.Q1.17 Liferay DXP 7.4 GA through update 92

Description: A stored cross-site scripting issue exists that allows a remote authenticated attacker to inject JavaScript into the com liferay layout admin web portlet GroupPagesPortlet type parameter.

Recommendations: Update Liferay Portal to a version later than 7.4.3.132. Update Liferay DXP to a version later than 2025.Q2.0. Update Liferay DXP to a version later than 2025.Q1.13. Update Liferay DXP to a version later than 2024.Q4.7. Update Liferay DXP to a version later than 2024.Q3.13. Update Liferay DXP to a version later than 2024.Q2.13. Update Liferay DXP to a version later than 2024.Q1.17. Update Liferay DXP to a version later than update 92 for the 7.4 GA release.