Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-43757

Date: August 20, 2025

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter.

Severity Score

Related Resources (13)

https://github.com/liferay/liferay-portal/commit/90396a201d05be5840f99f7487578aab253dfa87
https://liferay.atlassian.net/browse/LPE-18259
https://github.com/liferay/liferay-portal
https://github.com/liferay/liferay-portal/commit/45492d30bad4084f36e87ef11c29a5bf5fb4046d
https://github.com/liferay/liferay-portal/commit/e83d102bf00af3aa4396c1fc5a1d6b3842ccaeb1
https://nvd.nist.gov/vuln/detail/CVE-2025-43757
https://github.com/liferay/liferay-portal/commit/d001c5ba8a1477755d7d83b8a00aba23036b045b
https://github.com/liferay/liferay-portal/commit/cc46176ba4142f470d540f2343b36f12a678a240
https://github.com/liferay/liferay-portal/commit/9e0026c8aa444937a2bfd079bcca35ab3dd18f5a
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43757
https://github.com/liferay/liferay-portal/commit/0837982b91c5f9e837ec11a93f7e0986e00738fa
https://github.com/liferay/liferay-portal/commit/0114bb60238e5ac74b90fba37fa9748c4e6c114a
https://www.mend.io/vulnerability-database/CVE-2025-43757

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us