Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-43761: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal

Medium
VulnerabilityCVE-2025-43761cvecve-2025-43761cwe-79
Published: Fri Aug 22 2025 (08/22/2025, 20:25:46 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the frontend-editor-ckeditor-web/ckeditor/samples/old/ajax.html path

Technical Details

Data Version
5.1
Assigner Short Name
Liferay
Date Reserved
2025-04-17T10:55:26.803Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68a8daf6ad5a09ad00226b9c

Added to database: 8/22/2025, 9:02:46 PM

Last updated: 8/22/2025, 9:02:46 PM

Views: 1

Related Threats

CVE-2025-24902: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

Critical
VulnerabilityFri Aug 22 2025

CVE-2025-52451: CWE-20 Improper Input Validation in Salesforce Tableau Server

High
VulnerabilityFri Aug 22 2025

CVE-2025-52450: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server

High
VulnerabilityFri Aug 22 2025

CVE-2025-26498: CWE-434 Unrestricted Upload of File with Dangerous Type in Salesforce Tableau Server

Critical
VulnerabilityFri Aug 22 2025

CVE-2025-26497: CWE-434 Unrestricted Upload of File with Dangerous Type in Salesforce Tableau Server

High
VulnerabilityFri Aug 22 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats