CVE-2025-43735 Information

Aug 13, 2025 cve

Description

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131 and Liferay DXP 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735

CNNVD-202508-1048 (Published: 2025-08-12)

Share on:

CVE-2025-43735 Information

Description

Reference

Related CNNVD