{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T00:59:04.681","vulnerabilities":[{"cve":{"id":"CVE-2025-43826","sourceIdentifier":"security@liferay.com","published":"2025-09-30T23:15:29.160","lastModified":"2025-12-15T18:21:10.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article."},{"lang":"es","value":"Vulnerabilidades de cross-site scripting (XSS) almacenadas en la traducción de Contenido Web en Liferay Portal 7.4.0 hasta 7.4.3.112, y versiones anteriores no compatibles, y Liferay DXP 2023.Q4.0 hasta 2023.Q4.8, 2023.Q3.1 hasta 2023.Q3.10, 7.4 GA hasta la actualización 92, y versiones anteriores no compatibles, permiten a atacantes remotos inyectar scripts web o HTML arbitrarios a través de cualquier campo de texto enriquecido en un artículo de contenido web."}],"metrics":{"cvssMetricV40":[{"source":"security@liferay.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@liferay.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4","matchCriteriaId":"5F7BCC0B-5F36-4E6B-AABE-61B88E9A99D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.Q3.1","versionEndIncluding":"2023.Q3.10","matchCriteriaId":"DB698493-4763-4E87-9764-BC36906CCF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.Q4.0","versionEndExcluding":"2023.Q4.9","matchCriteriaId":"15FEBA14-2315-401A-B618-E9522E8213B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.Q1.1","versionEndExcluding":"2024.Q1.3","matchCriteriaId":"92DC696B-CBD4-4F7C-BB0B-AA11282078AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.4.3.113","matchCriteriaId":"D0C1F6C0-9565-4D74-9F1B-96E8CF3C6C5D"}]}]}],"references":[{"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826","source":"security@liferay.com","tags":["Vendor Advisory"]}]}}]}