exploitDog

CVE-2025-43735

Опубликовано: 12 авг. 2025

Источник: nvd

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735

EPSS

Процентиль: 14%

0.00047

Низкий

Дефекты

CWE-79

Связанные уязвимости

GHSA-222w-xmc5-jhp3

github

2 дня назад

Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability

EPSS

Процентиль: 14%

0.00047

Низкий

Дефекты

CWE-79