Description

Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.

Remediation

References

CVE-2025-43826

Related Vulnerabilities

MySQL CVE-2021-2038 Vulnerability (CVE-2021-2038)

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2014-3581)

Microsoft SQL Server Improper Input Validation Vulnerability (CVE-2001-0509)

SugarCRM Other Vulnerability (CVE-2004-1225)

Severity

Medium

Classification

CVE-2025-43826 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities