CVE-2025-43804
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-43804. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter.
Available Exploits
Related News
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Liferay search widget vulnerable to Cross-site Scripting
Affected Products (ENISA)
ENISA Scoring
CVSS Score (4.0)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: September 17, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Liferay search widget vulnerable to Cross-site Scripting
GHSA-ccrc-5vp5-vp5jAdvisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
References
Advisory provided by GitHub Security Advisory Database. Published: September 17, 2025, Modified: September 17, 2025