CVE-2025-43776
CVE-2025-43776 is a stored cross-site scripting vulnerability in Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.9 (plus earlier 2024 Q1–Q4 releases) where an authenticated attacker can inject JavaScript via the Custom Object field label. The malicious payload is stored and executed v...