Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-3fp2-6mwq-4q3j

Опубликовано: 20 авг. 2025
Источник: github
Github: Прошло ревью
CVSS4: 6.9

Описание

Liferay Portal Vulnerable to Cross-Site Scripting through URLs

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript in web content for friendly urls.

Ссылки

Пакеты

Наименование

com.liferay:com.liferay.layout.type.controller.display.page

maven
Затронутые версииВерсия исправления

< 3.0.59

3.0.59

EPSS

Процентиль: 6%
0.00025
Низкий

6.9 Medium

CVSS4

CVE ID

CVE-2025-43742

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2025-43742

CVSS3: 6.1
nvd
6 месяцев назад

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript in web content for friendly urls.

EPSS

Процентиль: 6%
0.00025
Низкий

6.9 Medium

CVSS4

CVE ID

CVE-2025-43742

Дефекты

CWE-79