CVE-2025-43783
MEDIUMLiferay DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via /c/portal/comment/discussion/get_editor
Title source: llmDescription
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get_editor path.
References (1)
Core 1
Core References
Scores
CVSS v3
6.1
EPSS
0.0003
EPSS Percentile
8.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (4)
com.liferay/com.liferay.frontend.editor.ckeditor.web
5.0.76 - 5.0.102Maven
liferay/digital_experience_platform
7.4 update73 (20 CPE variants)
liferay/digital_experience_platform
2024.Q1.1 - 2024.Q1.13
liferay/liferay_portal
7.4.0 - 7.4.3.129
Published
Sep 10, 2025
Tracked Since
Feb 18, 2026