Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43779 - Vulnerability Database
Liferay DXP

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43779

Medium
Reference: CVE-2025-43779
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43779
Title: Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112 and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user39s browser.