Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get_editor path.

Remediation

References

CVE-2025-43783

Related Vulnerabilities

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)

MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)

WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Cross-Site Request Forgery (3.4.31)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-33997)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)

Severity

Medium

Classification

CVE-2025-43783 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities