CVE-2025-43734

🗓️ 12 Aug 2025 18:51:55Reported by LiferayType

CVE-2025-43734: Reflected XSS in Liferay Portal and DXP; remote authenticated attacker injects JavaScript into the first display label of a custom sort widget; clay button taglib on refresh.

Reporter	Title	Published	Views	Family All 12
CNNVD	Liferay Portal和Liferay DXP 跨站脚本漏洞	12 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-43734	12 Aug 202518:51	–	cvelist
EUVD	EUVD-2025-24463	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability	12 Aug 202521:31	–	github
NVD	CVE-2025-43734	12 Aug 202519:15	–	nvd
OSV	CVE-2025-43734	12 Aug 202519:15	–	osv
OSV	GHSA-M5C7-5GV3-HCPF Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability	12 Aug 202521:31	–	osv
Positive Technologies	PT-2025-32880 · Liferay · Liferay Dxp +1	12 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-43734	14 Aug 202519:30	–	redhatcve
Snyk	Cross-site Scripting (XSS)	12 Aug 202521:31	–	snyk

NVD

Vulners

Node

liferay digital_experience_platformRange2024.q1.1–2024.q1.16

liferay digital_experience_platformRange2024.Q2.1–2024.Q2.13

liferay digital_experience_platformRange2024.q3.1–2024.q3.13

liferay digital_experience_platformRange2024.q4.0–2024.q4.7

liferay digital_experience_platformRange2025.q1.0–2025.q1.10

liferay digital_experience_platformMatch7.4

liferay liferay_portalRange7.4.0–7.4.3.132

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.132",
        "status": "affected",
        "version": "7.4.3.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13-u92",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q1.16",
        "status": "affected",
        "version": "2024.Q1.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.Q2.13",
        "status": "affected",
        "version": "2024Q2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q3.13",
        "status": "affected",
        "version": "2024.Q3.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q4.7",
        "status": "affected",
        "version": "2024.Q4.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2025.Q1.10",
        "status": "affected",
        "version": "2025.Q1.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734

16 Dec 2025 16:55Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4

CVSS 45.1

EPSS0.00048

SSVC

CWE-79