CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

August 4, 2025

CVE ID : CVE-2025-4599

Published : Aug. 4, 2025, 10:15 p.m. | 1 hour, 28 minutes ago

Description : The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4604 – Liferay Portal/Captcha Bypass Remote Code Execution

Next Article CVE-2025-8526 – Exrick xBoot Unrestricted File Upload Vulnerability

Highlights

CVE-2025-4913 – PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

May 19, 2025

CVE ID : CVE-2025-4913

Published : May 19, 2025, 6:15 a.m. | 45 minutes ago

Description : A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

PHP 8.5.0 Alpha 1 available for testing

YAML for Scalable and Simple Test Automation

Akamai diventa il fornitore ufficiale dell’infrastruttura del kernel Linux

Rilasciata Deepin 23.1: Aggiornamenti e Correzioni

CVE-2025-4913 – PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

OpenAI to Grow UK Presence, Explore AI Jobs and Infrastructure with Government Deal

Your Android phone is getting a new security secret weapon – how it works

How to Install Gemini CLI on Ubuntu to Access AI from Your Terminal

CVE-2025-4599 – Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

Related Posts