CVE-2025-43733
Liferay Portal Vulnerable to Cross-Site Scripting
EPSS 0.03%
描述
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user's browser when viewing the "document View Usages" page. Liferay Portal is fixed on the master branch from commit 2135a88.
如何修補 CVE-2025-43733
要修補 CVE-2025-43733,請將受影響套件升級到下列已修補版本。
- Maven/com.liferay:com.liferay.layout.taglib—升級至 17.0.0 或更新版本
CVE-2025-43733 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 17.0.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N |