CVE-2025-43753 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

August 21, 2025

CVE ID : CVE-2025-43753

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleKingfisher – secret‑scanning and live validation tool

Next Article CVE-2023-4131 – CVE-2022-1234: OpenSSL SSL/TLS Denial of Service

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

HoundDog.ai Launches Industry’s First Privacy-by-Design Code Scanner for AI Applications

The Double-Edged Sustainability Sword Of AI In Web Design

How VPNs are helping people evade increased censorship – and much more

Google’s AI Mode can now find restaurant reservations for you – how it works

Best early Labor Day TV deals 2025: Save up to 50% on Samsung, LG, and more

Claude wins high praise from a Supreme Court justice – is AI’s legal losing streak over?

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Quickly Generate Forms based on your Eloquent Models with Laravel Formello

Pest 4 is Released

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

You’ll need standalone Word, PowerPoint, Excel on iOS, as Microsoft 365 app becomes a Copilot wrapper

Microsoft to Move Copilot Previews to iOS While Editing Returns to Office Apps

CVE-2025-43753 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

CVE-2025-32471 – Cisco ASA Unsalted Password Vulnerability

CVE-2025-48908 – “Ability Auto Startup Service Vulnerability in Foundation Process”

CVE-2025-41441 – Mailform Pro CGI Information Disclosure

New FDA-cleared blood pressure monitor delivers medical grade results at home

ChatGPT is your personal shopper now

These 5 free add-ons make Minecraft Bedrock Edition feel brand new

Antidote is a Zsh implementation of the legacy Antibody plugin manager

CVE-2025-32421 – Next.js Race Condition Page Prop Exposure

CVE-2025-43753 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

Related Posts