3 matches found
com.liferay:com.liferay.journal.content.web (>=1.0.0 <=2.0.8), com.liferay:com.liferay.journal.item.selector.web (>=1.0.0 <=1.0.5) potentially affected by CVE-2025-43737 via com.liferay:com.liferay.journal.web (>=1.0.0 <=1.5.0)
com.liferay:com.liferay.journal.web MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.5 Source cves: CVE-2025-43737 Source advisory: OSV:GHSA-VJWR-CQWF-6Q96...
com.liferay:com.liferay.journal.content.web (>=1.0.0 <=2.0.8), com.liferay:com.liferay.journal.item.selector.web (>=1.0.0 <=1.0.5) potentially affected by CVE-2025-43737 via com.liferay:com.liferay.journal.web (>=1.0.0 <=1.5.0)
com.liferay:com.liferay.journal.web MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.5 Source cves: CVE-2025-43737 Source advisory: SNYK:JAVA-COMLIFERAY-12089394...
CVE-2025-43737
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...