CVE-2025-43823

CVE-2025-43823 is an XSS vulnerability in the Liferay Commerce Search Result widget. A crafted payload injected into a Commerce Product’s Name field can execute arbitrary script in affected environments. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q4 bef...