Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43814 - Vulnerability Database
Liferay DXP

Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43814

Medium
Reference: CVE-2025-43814
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43814
Title: Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability
Overview:

In Liferay Portal 7.4.0 through 7.4.3.112 and older unsupported versions and Liferay DXP 2023.Q4.0 through 2023.Q4.8 2023.Q3.1 through 2023.Q3.10 7.4 GA through update 92 and older unsupported versions the audit events records a users password reminder answer which allows remote authenticated users to obtain a users password reminder answer via the audit events.