CVE-2025-43804 | Liferay Portal/DXP Search Widget cross site scripting

Inserito da Angelo Barbosa | Set 17, 2025 | CVE

A vulnerability marked as problematic has been reported in Liferay Portal and DXP. This affects an unknown part of the component Search Widget. This manipulation of the argument _com_liferay_portal_search_web_portlet_SearchPortlet_userId causes cross site scripting.

This vulnerability is handled as CVE-2025-43804. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-43804 | Liferay Portal/DXP Search Widget cross site scripting

Post correlati

CVE-2025-22506 | SmartAgenda Smart Agenda Plugin up to 4.7 on WordPress cross site scripting

CVE-2024-13900 | satollo Head, Footer and Post Injections Plugin up to 3.3.0 on WordPress code injection

CVE-2024-56073 | FastNetMon Community Edition up to 1.2.7 Zero-length Templates for Netflow divide by zero

CVE-2024-28668 | DedeCMS 5.7 /dede/mychannel_add.php cross-site request forgery