CVE-2025-43783

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.73 through 7.4.3.128 Liferay DXP versions 2024.Q3.0 through 2024.Q3.1 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay versions 7.4 update 73 through update 92

Description: A reflected cross-site scripting (XSS) vulnerability exists. This allows remote attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get editor API endpoint.

Recommendations: Update Liferay Portal to a version later than 7.4.3.128. Update Liferay DXP to a version later than 2024.Q3.1. Update Liferay DXP to a version later than 2024.Q2.13. Update Liferay DXP to a version later than 2024.Q1.12. Update Liferay to a version later than update 92.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-43783

GHSA-JHGR-J9CJ-8J62

Affected Products

Liferay

Liferay Dxp

Liferay Portal

CVE-2025-43783

Weakness Enumeration

Related Identifiers

Affected Products

References · 9