Description

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab.

Remediation

References

CVE-2025-43769

Related Vulnerabilities

Roundcube Resource Management Errors Vulnerability (CVE-2008-5620)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2016-0751)

Oracle Application Server CVE-2008-0347 Vulnerability (CVE-2008-0347)

Severity

Medium

Classification

CVE-2025-43769 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities