Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 12 Aug 2025 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay dxp Liferay portal |
|
Vendors & Products |
Liferay
Liferay dxp Liferay portal |
Tue, 12 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 12 Aug 2025 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-08-12T14:32:47.002Z
Reserved: 2025-04-17T10:55:20.337Z
Link: CVE-2025-43735

Updated: 2025-08-12T13:32:43.879Z

Status : Awaiting Analysis
Published: 2025-08-12T13:15:33.307
Modified: 2025-08-12T14:25:33.177
Link: CVE-2025-43735

No data.

Updated: 2025-08-12T19:53:12Z