Description

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks page.

Remediation

References

CVE-2025-43785

Related Vulnerabilities

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2008-3963)

WordPress Plugin PowerPack Pro for Elementor Privilege Escalation (2.10.14)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)

WordPress Plugin Booking calendar, Appointment Booking System Security Bypass (2.2.2)

MediaWiki CVE-2023-45374 Vulnerability (CVE-2023-45374)

Severity

Medium

Classification

CVE-2025-43785 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities