Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-43783
Reference:
CVE-2025-43783
Title:
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128 and Liferay DXP 2024.Q3.0 through 2024.Q3.1 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.12 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get_editor path.