{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T17:43:17.980","vulnerabilities":[{"cve":{"id":"CVE-2025-43740","sourceIdentifier":"security@liferay.com","published":"2025-08-19T13:15:41.400","lastModified":"2025-12-19T16:28:54.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows an remote authenticated attacker to inject JavaScript through the message boards feature available via the web interface."},{"lang":"es","value":"Una vulnerabilidad de cross site scripting almacenado en Liferay Portal 7.4.3.120 a 7.4.3.132 y Liferay DXP 2025.Q2.0 a 2025.Q2.8, 2025.Q1.0 a 2025.Q1.15, 2024.Q4.0 a 2024.Q4.7, 2024.Q3.1 a 2024.Q3.13, 2024.Q2.1 a 2024.Q2.13 y 2024.Q1.9 a 2024.Q1.19 permite a un atacante remoto autenticado inyectar JavaScript a través de la función de foros de mensajes disponible mediante la interfaz web."}],"metrics":{"cvssMetricV40":[{"source":"security@liferay.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@liferay.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.Q1.9","versionEndExcluding":"2024.Q1.20","matchCriteriaId":"AAA1BF52-E2DD-4212-877E-6D4682A59FD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.Q2.1","versionEndIncluding":"2024.Q2.13","matchCriteriaId":"6D947DFA-C2BB-4B5C-93CF-505525176039"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.q3.1","versionEndIncluding":"2024.q3.13","matchCriteriaId":"81DE8039-B5BF-4747-A426-DCA1FFC8D960"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.q4.0","versionEndIncluding":"2024.q4.7","matchCriteriaId":"FB83F0DC-CD4C-4C2F-AEB5-98ABB73428A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.Q1.0","versionEndExcluding":"2025.Q1.16","matchCriteriaId":"4790F790-CF10-4F4F-AC16-2C253A82256B"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.Q2.0","versionEndExcluding":"2025.Q2.9","matchCriteriaId":"43F3357A-9692-4CB3-A2DD-9CB7CCA68848"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.3.120","versionEndIncluding":"7.4.3.132","matchCriteriaId":"22533373-DB4F-4DDA-B15D-8CD49C0CEE56"}]}]}],"references":[{"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43740","source":"security@liferay.com","tags":["Vendor Advisory"]}]}}]}