CNNVD-202508-265 Information
CNNVD ID
CNNVD-202508-265
Related CVE
- CNNVD Published: 2025-08-04
Description (Chinese)
Liferay Portal是美国Liferay公司的一套基于J2EE的门户解决方案。该方案使用了EJB以及JMS等技术,并可作为Web发布和共享工作区、企业协作平台、社交网络等。 Liferay Portal存在跨站脚本漏洞,该漏洞源于可绕过Captcha检查,可能导致在Gogo shell中执行脚本。
Description (English)
Liferay Portal is a portal solution based on J2EE for the United States company Liferay. The programme uses technologies such as EJB and JMS, and can be used as a Web-based workspace, corporate collaboration platform, social networking etc. Liferay Portal had a cross-site script loophole, which stemmed from the possibility of bypassing the Captcha check, which could lead to the execution of the script in Gogo shell.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Liferay
Published
2025-08-04
Last Modified
2026-02-24
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4604 https://access.redhat.com/security/cve/cve-2025-4604