CVE-2025-43804 is a cross-site scripting (XSS) vulnerability identified in the Search widget of Liferay Portal versions 7.4.3.93 through 7.4.3.111, as well as Liferay DXP versions 2023.Q4.0 and 2023.Q3.1 through 2023.Q3.4. The vulnerability arises due to improper neutralization of input during web page generation, specifically involving the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter. This parameter can be manipulated by remote attackers to inject arbitrary web scripts or HTML content. The vulnerability is classified under CWE-79, which pertains to improper input sanitization leading to XSS attacks. The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vector details show that the attack can be performed remotely (AV:N), requires no privileges (PR:N), but does require user interaction (UI:A). The impact on confidentiality and integrity is low, with no impact on availability. No known exploits are currently reported in the wild, and no patches or fixes are linked at this time. The vulnerability allows attackers to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or redirection to malicious sites. Since the vulnerability is in a widely used enterprise portal platform, it poses a risk to organizations that rely on Liferay Portal for their web presence or intranet services.

For European organizations using Liferay Portal or Liferay DXP within the affected versions, this vulnerability can lead to significant security risks. Exploitation could allow attackers to execute arbitrary scripts in users' browsers, potentially compromising user sessions, stealing sensitive information, or conducting phishing attacks. This is particularly concerning for organizations handling personal data under GDPR, as XSS attacks can facilitate unauthorized data access or exfiltration. The medium severity score reflects moderate risk, but the ease of remote exploitation without authentication increases the threat level. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that use Liferay Portal for internal or external web services could face reputational damage, regulatory penalties, and operational disruptions if exploited. The requirement for user interaction means social engineering or phishing campaigns could be used to trigger the vulnerability. While no active exploits are known, the presence of this vulnerability in production environments without mitigation leaves a window of opportunity for attackers to develop exploits.

European organizations should immediately review their Liferay Portal and DXP deployments to identify affected versions. Since no official patches are linked yet, temporary mitigations include: 1) Implementing strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. 2) Applying web application firewall (WAF) rules to detect and block malicious payloads targeting the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter. 3) Conducting input validation and output encoding on the server side where possible, especially for user-controllable parameters. 4) Educating users about phishing and social engineering risks to reduce the likelihood of user interaction exploitation. 5) Monitoring logs for suspicious requests targeting the vulnerable parameter. 6) Planning for rapid deployment of official patches or updates from Liferay once available. Additionally, organizations should consider isolating or restricting access to the affected portal components until mitigations are in place. Regular security assessments and penetration testing focusing on XSS vulnerabilities in the portal environment are recommended to detect any exploitation attempts.