CVE-2025-43769

216.73.216.233

· Published 23/08/2025 03:15 · Modified 23/08/2025 03:15

Labels: CVE-2025-43769 2025-08-23 CVE-2025-43769 CWE-79 [email protected]

Essential information

Published: 23/08/2025 03:15
Modified: 23/08/2025 03:15
Author: —
Creator: —
CVSS: 4.6 MEDIUM (v3) 4.6 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
liferay / liferay portal	`cpe:2.3:a:liferay:liferay_portal:7.4.0-7.4.3.131:::::::*`
liferay / liferay dxp	`cpe:2.3:a:liferay:liferay_dxp:2024.Q3.1-2024.Q3.8:::::::*`
liferay / liferay dxp	`cpe:2.3:a:liferay:liferay_dxp:2024.Q2.0-2024.Q2.13:::::::*`
liferay / liferay dxp	`cpe:2.3:a:liferay:liferay_dxp:2024.Q1.1-2024.Q1.12:::::::*`
liferay / liferay portal	`cpe:2.3:a:liferay:liferay_portal:7.4:::::::*`