CVE-2025-4388 – Liferay Portal/DXP Reflected Cross-Site Scripting (XSS) Vulnerability

May 6, 2025

CVE ID : CVE-2025-4388

Published : May 6, 2025, 6:15 p.m. | 1 hour, 19 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46816 – “goshs Command Injection Vulnerability”

Next Article CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-4388 – Liferay Portal/DXP Reflected Cross-Site Scripting (XSS) Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

Quality begins with planning: Building software with the right mindset

I paid $40 for Rocket League without the cars: REMATCH launches early, but some players are unhappy with the game

CVE-2025-0915 – IBM Db2 Memory Allocation DoS Vulnerability

Brussels Court Slams Tracking-Based Ads, Upholds GDPR Privacy Standards

CVE-2025-3824 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

Microsoft 365 teases new 3D Office icons for Windows 11, revamp to reflect AI

CVE-2025-2082 – Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability

Mortal Shell 2 was Summer Game Fest’s first banger announcement, and the Soulslike sequel is getting a beta before release

CVE-2025-4388 – Liferay Portal/DXP Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts