CVE-2025-43770 in Liferayinformazioni

Riassunto

di MITRE • 23/08/2025

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the referer or FORWARD_URL using %00 in those parameters.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

Liferay

Prenotare

17/04/2025

Divulgazione

23/08/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00181

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!