CVE-2025-4576 | Liferay Portal/DXP entry_cover_image_caption.jsp cross site scripting

Inserito da Angelo Barbosa | Ago 8, 2025 | CVE

A vulnerability was found in Liferay Portal and DXP. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/entry_cover_image_caption.jsp. The manipulation leads to cross site scripting.

This vulnerability is handled as CVE-2025-4576. The attack may be launched remotely. There is no exploit available.

CVE-2025-4576 | Liferay Portal/DXP entry_cover_image_caption.jsp cross site scripting

Post correlati

CVE-2024-22347 | IBM UrbanCode Velocity/DevOps Velocity up to 4.0.25 risky encryption

CVE-2024-21703 | Atlassian Confluence Data Center/Confluence Server on Windows information disclosure

CVE-2024-2106 | MasterStudy LMS Plugin up to 3.2.10 on WordPress REST Route information disclosure

CVE-2024-10750 | Tenda i22 1.0.0.3(4687) SysToo websReadEvent Content-Length null pointer dereference