Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 23 Aug 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay dxp Liferay portal |
|
Vendors & Products |
Liferay
Liferay dxp Liferay portal |
Sat, 23 Aug 2025 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-08-25T17:58:19.599Z
Reserved: 2025-04-17T10:55:26.804Z
Link: CVE-2025-43769

Updated: 2025-08-25T17:58:14.156Z

Status : Awaiting Analysis
Published: 2025-08-23T03:15:30.307
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-43769

No data.

Updated: 2025-08-23T10:54:57Z