GHSA-qgj5-4qvg-2f8c

Source
https://github.com/advisories/GHSA-qgj5-4qvg-2f8c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-qgj5-4qvg-2f8c/GHSA-qgj5-4qvg-2f8c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qgj5-4qvg-2f8c
Aliases
  • CVE-2025-43774
Published
2025-09-09T03:30:17Z
Modified
2025-09-10T20:42:54.867935Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Summary
Liferay Portal is vulnerable to XSS attack through its Style Book theme
Details

A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via the Style Book theme name. The malicious payload is reflected back in the response and executed in the browser of the user who views it.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-10T20:00:33Z",
    "nvd_published_at": "2025-09-09T01:15:31Z",
    "severity": "LOW"
}
References

Affected packages

Maven / com.liferay:com.liferay.frontend.taglib.clay

Package

Name
com.liferay:com.liferay.frontend.taglib.clay
Purl
pkg:maven/com.liferay/com.liferay.frontend.taglib.clay

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
15.2.1

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.26
2.2.27
2.2.28
2.2.29
2.2.30
2.2.31
2.2.32
2.2.33
2.2.34
2.2.35
2.2.36
2.2.37
2.2.38
2.2.39
2.2.40
2.2.41
2.2.42
2.2.43
2.2.44
2.2.45
2.2.46
2.2.47
2.2.48
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.5.0
4.*
4.0.0
4.0.1
4.0.2
4.0.3
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9
6.3.10
6.3.11
6.3.12
6.3.13
6.3.14
6.3.15
6.3.16
6.3.17
6.3.18
6.3.19
6.3.20
6.3.21
6.3.22
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.5.0
6.5.1
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
6.6.7
6.6.8
6.6.9
6.6.10
6.6.11
6.6.12
6.6.13
6.6.14
6.6.15
6.6.16
6.6.17
6.6.18
6.6.19
6.6.20
6.6.21
6.6.22
6.6.23
6.6.24
6.6.25
6.6.26
7.*
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.1.10
7.1.11
7.1.12
7.1.13
7.1.14
7.2.0
7.2.1
7.3.0
7.3.1
7.3.2
7.3.3
7.3.4
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.5.1
8.*
8.0.0
8.0.1
8.0.2
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
9.*
9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5
9.0.6
9.1.0
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
9.1.7
9.1.8
9.1.9
9.1.10
9.1.11
9.1.12
9.1.13
9.1.14
9.2.0
9.2.1
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9
9.2.10
9.2.11
9.3.0
9.3.1
10.*
10.0.0
11.*
11.0.0
11.0.1
11.1.0
12.*
12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.1.0
12.1.1
12.1.2
12.1.3
12.1.4
12.1.5
12.1.6
12.1.7
12.1.8
12.1.9
12.1.10
13.*
13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.1.0
13.1.1
13.2.0
13.3.0
13.4.0
13.4.1
13.4.2
13.5.0
13.5.1
13.5.2
13.5.3
13.5.4
13.5.5
13.5.6
13.6.0
13.6.1
13.6.2
13.6.3
13.7.0
13.8.0
13.9.0
13.9.1
13.10.0
13.10.1
13.11.0
13.11.1
13.12.0
13.13.0
13.13.1
14.*
14.0.0
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.2.0
14.2.1
14.3.0
14.3.1
14.3.2
14.4.0
15.*
15.0.0
15.0.1
15.0.2
15.0.3
15.0.4
15.0.5
15.0.6
15.0.7
15.0.8
15.0.9
15.1.0
15.1.1
15.1.2
15.1.3
15.1.4
15.1.5
15.2.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-qgj5-4qvg-2f8c/GHSA-qgj5-4qvg-2f8c.json"