exploitDog

CVE-2025-43746

Опубликовано: 20 авг. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43746
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.Q1.1 (включая) до 2024.Q1.19 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q2.0 (включая) до 2024.q2.13 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.Q3.0 (включая) до 2024.Q3.13 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q4.0 (включая) до 2024.q4.7 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2025.Q1.0 (включая) до 2025.Q1.15 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2025.Q2.0 (включая) до 2025.Q2.3 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3.132 (включая)

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-mpww-r37c-vxjw

github

6 месяцев назад

Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79