Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43755 - Vulnerability Database

Liferay DXP

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43755

Medium

Reference: CVE-2025-43755

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43755

Title: Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132 and Liferay DXP 2025.Q2.0 2025.Q1.0 through 2025.Q1.13 2024.Q4.0 through 2024.Q4.7 2024.Q3.0 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter.