exploitDog

CVE-2025-43740

Опубликовано: 19 авг. 2025

Источник: nvd

EPSS Низкий

Описание

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows an remote authenticated attacker to inject JavaScript through the message boards feature available via the web interface.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43740

EPSS

Процентиль: 43%

0.00208

Низкий

Дефекты

CWE-79

Связанные уязвимости

GHSA-22jp-w3cg-gvmm

github

3 месяца назад

Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature

EPSS

Процентиль: 43%

0.00208

Низкий

Дефекты

CWE-79