CVE-2025-43734 Information

Aug 13, 2025 cve

Description

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.10 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.1 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734

CNNVD-202508-1260 (Published: 2025-08-12)

Share on:

CVE-2025-43734 Information

Description

Reference

Related CNNVD