CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

August 4, 2025

CVE ID : CVE-2025-4599

Published : Aug. 4, 2025, 10:15 p.m. | 1 hour, 28 minutes ago

Description : The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4604 – Liferay Portal/Captcha Bypass Remote Code Execution

Next Article CVE-2025-8526 – Exrick xBoot Unrestricted File Upload Vulnerability

Highlights

CVE-2025-6362 – Simple Pizza Ordering System SQL Injection

June 20, 2025

CVE ID : CVE-2025-6362

Published : June 20, 2025, 8:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-52122 – CraftCMS Freeform SSTI Vulnerability

IBM Cloud login breaks for second time this week and Big Blue isn’t saying why

Spider – web app tool

CVE-2025-5817 – Amazon Products to WooCommerce SSRF Vulnerability

CVE-2025-6362 – Simple Pizza Ordering System SQL Injection

Post-Quantum Cryptography Migration Should Start Now: Coalition

SafePay, DevMan Emerge as Major Ransomware Threats

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

Related Posts