Vulnerability Details CVE-2025-43734
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-43734
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.1
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.14
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.15
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.16
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.2
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.3
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.4
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.5
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.6
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.7
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.8
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.1
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.2
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.3
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.4
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.5
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.6
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.7
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.8
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.1
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.2
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.3
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.4
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.5
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.6
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.7
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.8
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q4.0
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q4.7
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.0
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.1
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.10
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.2
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.3
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.4
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.5
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.6
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.7
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.8
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.9
-
cpe:2.3:a:liferay:digital_experience_platform:7.4
-
cpe:2.3:a:liferay:liferay_portal:7.4.0
-
cpe:2.3:a:liferay:liferay_portal:7.4.1
-
cpe:2.3:a:liferay:liferay_portal:7.4.2
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.10
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.100
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.101
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.102
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.103
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.104
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.105
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.106
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.107
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.108
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.109
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.11
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.110
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.111
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.112
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.113
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.114
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.115
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.116
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.117
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.118
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.119
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.12
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.120
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.121
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.122
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.123
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.124
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.125
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.126
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.127
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.128
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.129
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.13
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.130
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.132
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.14
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.15
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.16
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.17
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.18
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.19
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.20
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.21
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.22
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.23
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.24
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.25
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.26
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.27
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.28
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.29
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.30
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.31
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.32
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.33
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.34
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.35
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.36
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.37
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.38
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.39
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.4
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.40
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.41
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.42
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.43
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.44
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.45
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.46
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.47
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.48
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.49
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.5
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.50
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.51
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.52
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.53
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.54
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.55
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.56
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.57
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.58
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.59
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.6
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.60
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.61
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.62
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.63
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.64
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.65
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.66
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.67
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.68
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.69
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.7
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.70
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.71
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.72
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.73
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.74
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.75
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.76
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.77
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.78
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.79
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.8
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.80
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.81
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.82
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.83
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.84
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.85
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.86
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.87
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.88
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.89
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.9
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.90
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.91
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.92
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.94
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.95
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.96
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.97
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.98
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.99