CVE-2025-43800

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.

Vulnerability Details

Published Date

September 15, 2025

Last Modified

September 16, 2025

Source

MITRE

Vendor

Liferay

Product

Portal, DXP

External References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment