VYPR
Unrated severityNVD Advisory· Published Sep 24, 2025· Updated Sep 24, 2025

CVE-2025-43779

CVE-2025-43779

Description

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user's browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Liferay/Portalllm-fuzzy2 versions
    7.4.0 through 7.4.3.112+ 1 more
    • (no CPE)range: 7.4.0 through 7.4.3.112
    • (no CPE)range: 7.4.0
  • Liferay/DXPllm-fuzzy2 versions
    2024.Q1.1 through 2024.Q1.18; 7.4 GA through update 92+ 1 more
    • (no CPE)range: 2024.Q1.1 through 2024.Q1.18; 7.4 GA through update 92
    • (no CPE)range: 7.4.13

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.