CVE-2025-43800

EPSS 0.04%

Liferay Portal Cross-site Scripting (XSS) vulnerability

發布日:2025/9/15修改日:2025/9/16

描述

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.

受影響套件(1)

Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.typefrom 0, < 6.0.167

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-43800
PATCHhttps://github.com/liferay/liferay-portal
WEBhttps://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800