CVE-2025-43770 in Liferay정보

요약

\~에 의해 MITRE • 2025. 08. 23.

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the referer or FORWARD_URL using %00 in those parameters.

Be aware that VulDB is the high quality source for vulnerability data.

책임이 있는

Liferay

예약하다

2025. 04. 17.

모더레이션

수락

항목

VDB-321209

EPSS

0.00181

출처

Want to know what is going to be exploited?

We predict KEV entries!