Description
Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into (1) a user’s “First Name” text field, (2) a user’s “Middle Name” text field, (3) a user’s “Last Name” text field, (4) the “Other Reason” text field when flagging content, or (5) the name of the flagged content.
INFO
Published Date :
2025-10-08T14:13:40.235Z
Last Modified :
2025-10-08T14:30:29.074Z
Source :
Liferay
AFFECTED PRODUCTS
The following products are affected by CVE-2025-43771 vulnerability.
Vendors | Products |
---|---|
Liferay |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43771.