CVE-2025-43774

Rejected reason: This CVE ID is rejected. The reported vulnerability was found to be present only in a feature that was under development and protected by a beta feature flag. As a result, the issue was not exploitable in the official or public releases within the specified affected ranges, making this a false positive for officially released versions.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

18 Sep 2025, 17:15

Type	Values Removed	Values Added
References	~~{'url': 'https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43774', 'source': 'security@liferay.com'}~~
CWE	~~CWE-79~~
Summary	(en) A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via Style Book theme name. This malicious payload is then reflected and executed within the user's browser.	(en) Rejected reason: This CVE ID is rejected. The reported vulnerability was found to be present only in a feature that was under development and protected by a beta feature flag. As a result, the issue was not exploitable in the official or public releases within the specified affected ranges, making this a false positive for officially released versions.

09 Sep 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-09 01:15

Updated : 2025-09-18 17:15

NVD link : CVE-2025-43774

Mitre link : CVE-2025-43774

CVE.ORG link : CVE-2025-43774

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-43774

Attach tags to `CVE-2025-43774`