Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43765 - Vulnerability Database

Liferay DXP

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43765

Medium

Reference: CVE-2025-43765

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43765

Title: Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131 and Liferay DXP 2024.Q4.0 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the text field from a web content.