CVE-2025-43731 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

August 18, 2025

CVE ID : CVE-2025-43731

Published : Aug. 18, 2025, 7:15 p.m. | 5 hours, 23 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32992 – Thermo Fisher Scientific ePort Authentication Bypass

Next Article CVE-2025-55299 – VaulTLS Empty Password Authentication Bypass

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-43731 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

Trump’s AI-generated papal portrait sparks controversy and debate

How to Write Unit Tests and E2E Tests for NestJS Applications

Introducing LinuxONE 5 and trends for 2025

GitHub for Beginners: Code review and refactoring with GitHub Copilot

Xbox FY25 Q4 gaming revenue is up 10% year-over-year, driven by growth in first-party games — with Xbox Game Pass reaching nearly $5 billion in annual revenue “for the first time”

Tailwind’s @apply Feature is Better Than it Sounds

South African man imprisoned after ransom demand against his former employer

CISA Adds CVE-2025-27363 to KEV Catalog

CVE-2025-43731 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

Related Posts