Description

Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field

Remediation

References

CVE-2025-43812

Related Vulnerabilities

WordPress Plugin Easy Banners Cross-Site Scripting (1.4)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2243)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7849)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5592)

Oracle Database Server CVE-2014-4236 Vulnerability (CVE-2014-4236)

Severity

Medium

Classification

CVE-2025-43812 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities