CVE-2025-43815

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-43815

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43815.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43815

Aliases

GHSA-wmjx-xv9v-r89q

Published

2025-09-29T22:15:35.707Z

Modified

2026-04-10T05:26:43.793501Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortlet_backURLTitle parameter.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43815

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type

GIT

Repo

https://github.com/liferay/liferay-portal

Events

Introduced

075b1fec5e8ec7b940ea2780fe3c5c7a9d51ca74

Fixed

f018f8e5c94f9fe264531e7180739d82a7b47224

Database specific

{
    "versions": [
        {
            "introduced": "7.4.3.102"
        },
        {
            "fixed": "7.4.3.111"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43815.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2023.q4.0"
            },
            {
                "fixed": "2023.q4.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2023.q3.5"
            }
        ]
    }
]