CNNVD-202508-2862 Information
CNNVD ID
CNNVD-202508-2862
Related CVE
- CNNVD Published: 2025-08-23
Description (Chinese)
Liferay Portal和Liferay DXP都是美国Liferay公司的产品。Liferay Portal是一套基于J2EE的门户解决方案。该方案使用了EJB以及JMS等技术,并可作为Web发布和共享工作区、企业协作平台、社交网络等。Liferay DXP是一套数字化体验协作平台。 Liferay Portal 7.4.3.86至7.4.3.131版本和Liferay DXP 2024.Q3.1至2024.Q3.9版本存在输入验证错误漏洞,该漏洞源于开放重定向,可能导致用户被重定向到恶意站点。
Description (English)
Liferay Portal and Liferay DXP are products of the United States company Liferay. Liferay Portal is a portal solution based on J2EE. The programme uses technologies such as EJB and JMS, and can be used as a Web-based workspace, corporate collaboration platform, social networking etc. Liferay DXP is a collaborative platform for digital experience. The Liferay Portal 7.4.3.86 to 7.4.131 and the Liferay DXP 2024.Q3.1 to 2024.Q3.9 have input verification error holes, which stem from open re-direction and may lead to the re-direction of users to malicious sites.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Liferay
Published
2025-08-23
Last Modified
2026-02-24
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767 https://access.redhat.com/security/cve/cve-2025-43767 https://nvd.nist.gov/vuln/detail/CVE-2025-43767
Patch
https://www.liferay.com/zh/downloads-community
Share on: