CVE-2025-43737
CVE-2025-43737 is a reflected XSS vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP releases 2025.Q2.0–2025.Q2.8 and 2025.Q1.0–2025.Q1.15. The issue allows a remote authenticated user to inject JavaScript by manipulating the parameter _com_liferay_journal_web_portlet_JournalPortlet_backUR...