Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43814)

Description

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote authenticated users to obtain a user’s password reminder answer via the audit events.

Remediation

References

Related Vulnerabilities

WordPress Plugin MailPoet-emails and newsletters in WordPress Cross-Site Scripting (3.23.1)

Oracle JRE CVE-2013-0429 Vulnerability (CVE-2013-0429)

Joomla Inadequate Encryption Strength Vulnerability (CVE-2011-3629)

MySQL CVE-2023-21982 Vulnerability (CVE-2023-21982)

phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)

Severity

Medium

Classification

CVE-2025-43814 CWE-201 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities