CVE-2025-43800

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-43800

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43800.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43800

Aliases

GHSA-jfv5-r382-xvwh

Published

2025-09-15T19:15:35.283Z

Modified

2025-12-18T06:02:13.763831Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

6f6742e8391eee220fcdaabf95441968ecdfde7c

Fixed

b8c35409971bf2f43bb7e28bd1638daab05ce6fa

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43800.json"