CVE-2025-43761 – Liferay Portal and DXP Reflected Cross-Site Scripting (XSS)

August 22, 2025

CVE ID : CVE-2025-43761

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours, 21 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the frontend-editor-ckeditor-web/ckeditor/samples/old/ajax.html path

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-26498 – “Salesforce Tableau Server File Upload Arbitrary File Write”

Next Article CVE-2025-26496 – Tableau Type Confusion Local Code Inclusion Vulnerability

Highlights

Type mismatch: cannot convert from void to String [closed]

April 20, 2025

package uytr;
import java.awt.Point;
import org.openqa.selenium.By;
import org.openqa.selenium.Keys;
//import org.openqa.selenium.By;
//import org.openqa.selenium.Keys;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.support.ui.Select;
public class Abi {
public static void main(String[] args) {
//System.setProperty(“webdriver.chrome.driver”, “C:UsersdhanaDownloadschromedriver-win64chromedriver-win64.exe”);
WebDriver driver=new ChromeDriver();
driver.get(“https://www.leafground.com/select.xhtml;jsessionid=node01o9qlws6megijfidmkoq8n2j0425439.node0”);
//driver.findElement(By.linkText(“Go to Dashboard”)).click();
WebElement sukanya= driver.findElement(By.className(“ui-selectonemenu”));
Select veera=new Select(sukanya);
String a=(String)veera.selectByVisibleText(“Playwright”);
System.out.println(a);
}

}

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-43761 – Liferay Portal and DXP Reflected Cross-Site Scripting (XSS)

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CodeSOD: Tangled Up in Foo

How to more efficiently study complex treatment interactions

OpenAI returns to its open-source roots with new open-weight AI models, and it’s a big deal

µgRD – generate a custom initramfs environment

Type mismatch: cannot convert from void to String [closed]

Top Application Monitoring Tools for Developers

Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords

CVE-2025-43711 – Tunnelblick Privilege Escalation Vulnerability

CVE-2025-43761 – Liferay Portal and DXP Reflected Cross-Site Scripting (XSS)

Related Posts