Moderate severity · NVD Advisory · Published Aug 21, 2025 · Updated Aug 21, 2025
CVE-2025-43756
Description
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19, allows a remote authenticated user to inject JavaScript code via the snippet parameter.
Affected products
- Liferay/DXP (v5), range: 2024.Q1.13
Patches
- 6228bb1142e7 LPD-57867 Playwright test
1 file changed · +18 −0
modules/test/playwright/tests/portal-web/main/html/common/themes/bottom_js_script.spec.ts+18 −0 modified@@ -108,3 +108,21 @@ test( expect(jsSnippetIIFE).toEqual(true); } ); + +test( + 'Check URL does not allow XSS injection', + {tag: '@LPD-57867'}, + async ({page}) => { + let capturedLogMessage = ''; + + page.on('console', (msg) => { + if (msg.type() === 'log') { + capturedLogMessage = msg.text(); + } + }); + + await page.goto(`/?snippet=console.log("${getRandomString()}")`); + + expect(capturedLogMessage).toBe(''); + } +);
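Review bot: the assertion `expect(capturedLogMessage).toBe('')` checks that the page emitted no console.log at all, not that the injected snippet was blocked, so any unrelated console.log on the page fails the test and, conversely, the test cannot tell the injected message apart from page noise. Store the random value before navigating (`const marker = getRandomString();`), collect every log message into an array instead of keeping only the last one, and assert that none of them contains `marker`. A one-line comment saying that `snippet` used to be read from the request would also tell future readers what this test guards against.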
- af4fc9238782 LPD-57867 Adjust to prevent vulnerability
2 files changed · +19 −15
portal-web/docroot/html/common/themes/bottom_js.jspf+19 −9 modified@@ -208,17 +208,27 @@ if (layout != null) { UnicodeProperties layoutSetSettingsUnicodeProperties = layoutSet.getSettingsProperties(); UnicodeProperties layoutTypeSettingsUnicodeProperties = layout.getTypeSettingsProperties(); + + String snippet = GetterUtil.getString(layoutSetSettingsUnicodeProperties.getProperty("javascript")); + %> + + <c:if test="<%= Validator.isNotNull(snippet) %>"> + <%@ include file="/html/common/themes/bottom_js_script.jspf" %> + </c:if> + + <% + snippet = GetterUtil.getString(masterLayoutTypeSettingsUnicodeProperties.getProperty("javascript")); %> - <liferay-util:include page="/html/common/themes/bottom_js_script.jsp"> - <liferay-util:param name="snippet" value='<%= GetterUtil.getString(layoutSetSettingsUnicodeProperties.getProperty("javascript")) %>' /> - </liferay-util:include> + <c:if test="<%= Validator.isNotNull(snippet) %>"> + <%@ include file="/html/common/themes/bottom_js_script.jspf" %> + </c:if> - <liferay-util:include page="/html/common/themes/bottom_js_script.jsp"> - <liferay-util:param name="snippet" value='<%= GetterUtil.getString(masterLayoutTypeSettingsUnicodeProperties.getProperty("javascript")) %>' /> - </liferay-util:include> + <% + snippet = GetterUtil.getString(layoutTypeSettingsUnicodeProperties.getProperty("javascript")); + %> - <liferay-util:include page="/html/common/themes/bottom_js_script.jsp"> - <liferay-util:param name="snippet" value='<%= GetterUtil.getString(layoutTypeSettingsUnicodeProperties.getProperty("javascript")) %>' /> - </liferay-util:include> + <c:if test="<%= Validator.isNotNull(snippet) %>"> + <%@ include file="/html/common/themes/bottom_js_script.jspf" %> + </c:if> </c:if> \ No newline at end of file
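Review bot: the same fragment is now pulled in three times through a static `<%@ include file="/html/common/themes/bottom_js_script.jspf" %>`, so every scriptlet declaration inside that fragment is pasted into this page's service method three times; the fragment must therefore declare no variables of its own, and the hunk relies on the single `String snippet = ...` declared here being reassigned twice. A comment above that declaration stating this contract would stop a later edit that adds a local to the fragment from turning into a JSP compile error. Each include is also wrapped in `<c:if test="<%= Validator.isNotNull(snippet) %>">` here while the fragment keeps an identical guard, so one of the two checks is redundant, and the trailing `\ No newline at end of file` could be fixed while the file is being touched.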
portal-web/docroot/html/common/themes/bottom_js_script.jspf+0 −6 renamed@@ -5,12 +5,6 @@ */ --%> -<%@ include file="/html/common/init.jsp" %> - -<% -String snippet = ParamUtil.getString(request, "snippet"); -%> - <c:if test="<%= Validator.isNotNull(snippet) %>"> <aui:script type="text/javascript"> // <![CDATA[
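Review bot: removing `String snippet = ParamUtil.getString(request, "snippet");` is the actual fix, since that line let the request URL, rather than only the layout settings, choose the script body that `<aui:script>` emits; a short comment at the top of the fragment stating that `snippet` must be supplied by the including page and must never be read from the request would make the new contract explicit. With `/html/common/init.jsp` no longer included, the fragment now also depends on the including page for the `c` and `aui` taglibs and for `Validator`, which is fine for a static include but belongs in the same comment. The remaining `<c:if test="<%= Validator.isNotNull(snippet) %>">` duplicates the guard the caller now applies, so consider dropping one of them.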
References
- github.com/advisories/GHSA-q2gv-w583-f2vq (ghsa, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-43756 (ghsa, advisory)
- github.com/liferay/liferay-portal/commit/6228bb1142e748342d3f170bf104f458ff59ddb2 (ghsa, web)
- github.com/liferay/liferay-portal/commit/af4fc9238782c9f2f977d6b9d090ab7b9424dace (ghsa, web)
- liferay.atlassian.net/browse/LPE-18266 (ghsa, web)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43756 (ghsa, web)