CVE-2025-43826_CVE-2025-43826

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.

Basic Information

ID CVE-2025-43826

Source Liferay

Published Sep 30, 2025 at 22:36

Affected Product

Vendor Liferay

Product Portal

Version 7.4.0

Affected Versions Liferay Portal 7.4.0
Liferay DXP 7.4.13
Liferay DXP 2023.Q3.1
Liferay DXP 2023.Q4.0
Liferay DXP 2024.Q1.1

CWE Classification

CWE-79

References

liferay.dev /portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826

{
    "lastseen": "",
    "description": "Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.",
    "published": "2025-09-30T22:36:31.957Z",
    "modified": "2025-09-30T22:36:31.957Z",
    "type": "cve",
    "title": "CVE-2025-43826",
    "source": "Liferay",
    "references": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826",
    "id": "CVE-2025-43826",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Liferay Portal 7.4.0\nLiferay DXP 7.4.13\nLiferay DXP 2023.Q3.1\nLiferay DXP 2023.Q4.0\nLiferay DXP 2024.Q1.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal",
    "version": "7.4.0",
    "vendor": "Liferay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}