CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

August 4, 2025

CVE ID : CVE-2025-4599

Published : Aug. 4, 2025, 10:15 p.m. | 1 hour, 28 minutes ago

Description : The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4604 – Liferay Portal/Captcha Bypass Remote Code Execution

Next Article CVE-2025-8526 – Exrick xBoot Unrestricted File Upload Vulnerability

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

CVE-2025-29627 – KeeperChat Biometric Authentication Module Privilege Escalation Vulnerability

Overcoming Vocabulary Constraints with Pixel-level Fallback

Microsoft quietly implies Windows has LOST millions of users since Windows 11 debut — are people really abandoning ship?

CVE-2025-54129 – HAXiam is a packaging wrapper for HAXcms which all

CVE-2025-6110 – Tenda FH1201 Stack-Based Buffer Overflow Vulnerability

Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure

element

CVE-2024-40458 – Ocuco Innovation Elevation of Privilege

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

Related Posts