Vulnerability Details CVE-2025-43740
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows an remote authenticated attacker to inject JavaScript through the message boards feature available via the web interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.1%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-43740
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.14
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.15
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.16
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.17
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.18
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.19
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q1.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.1
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.2
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.3
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.4
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.5
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.6
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.7
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.8
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q2.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.1
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.10
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.11
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.12
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.13
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.2
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.3
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.4
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.5
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.6
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.7
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.8
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q3.9
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q4.0
-
cpe:2.3:a:liferay:digital_experience_platform:2024.q4.7
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.0
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.1
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.10
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.11
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.12
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.13
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.14
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.15
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.2
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.3
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.4
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.5
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.6
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.7
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.8
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q1.9
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.0
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.1
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.2
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.3
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.4
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.5
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.6
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.7
-
cpe:2.3:a:liferay:digital_experience_platform:2025.q2.8
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.120
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.121
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.122
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.123
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.124
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.125
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.126
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.127
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.128
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.129
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.130
-
cpe:2.3:a:liferay:liferay_portal:7.4.3.132