Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43814 - Vulnerability Database
Liferay Portal

Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43814

Medium
Reference: CVE-2025-43814
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43814
Title: Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability
Overview:

In Liferay Portal 7.4.0 through 7.4.3.112 and older unsupported versions and Liferay DXP 2023.Q4.0 through 2023.Q4.8 2023.Q3.1 through 2023.Q3.10 7.4 GA through update 92 and older unsupported versions the audit events records a users password reminder answer which allows remote authenticated users to obtain a users password reminder answer via the audit events.