CVE-2025-43753

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

Published: Aug 22, 2025
Updated: Dec 20, 2025
CVE: CVE-2025-43753
GHSA: GHSA-r367-q549-pgr5
Severity: Low
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
com.liferay / com.liferay.layout.taglib	-	16.1.32
liferay / digital_experience_platform	2024.Q1.1	2024.q1.17
liferay / digital_experience_platform	2024.Q2.1	2024.q2.13.x
liferay / digital_experience_platform	2024.q3.1	2024.q3.13.x
liferay / digital_experience_platform	2024.q4.0	2024.q4.7.x
liferay / digital_experience_platform	2025.Q1.0	2025.q1.8
liferay / digital_experience_platform	7.4-update32	7.4-update32.x
liferay / digital_experience_platform	7.4-update33	7.4-update33.x
liferay / digital_experience_platform	7.4-update34	7.4-update34.x
liferay / digital_experience_platform	7.4-update35	7.4-update35.x
liferay / digital_experience_platform	7.4-update36	7.4-update36.x
liferay / digital_experience_platform	7.4-update37	7.4-update37.x
liferay / digital_experience_platform	7.4-update38	7.4-update38.x
liferay / digital_experience_platform	7.4-update39	7.4-update39.x
liferay / digital_experience_platform	7.4-update40	7.4-update40.x
liferay / digital_experience_platform	7.4-update41	7.4-update41.x
liferay / digital_experience_platform	7.4-update42	7.4-update42.x
liferay / digital_experience_platform	7.4-update43	7.4-update43.x
liferay / digital_experience_platform	7.4-update44	7.4-update44.x
liferay / digital_experience_platform	7.4-update45	7.4-update45.x
liferay / digital_experience_platform	7.4-update46	7.4-update46.x
liferay / digital_experience_platform	7.4-update47	7.4-update47.x
liferay / digital_experience_platform	7.4-update48	7.4-update48.x
liferay / digital_experience_platform	7.4-update49	7.4-update49.x
liferay / digital_experience_platform	7.4-update50	7.4-update50.x
liferay / digital_experience_platform	7.4-update51	7.4-update51.x
liferay / digital_experience_platform	7.4-update52	7.4-update52.x
liferay / digital_experience_platform	7.4-update53	7.4-update53.x
liferay / digital_experience_platform	7.4-update54	7.4-update54.x
liferay / digital_experience_platform	7.4-update55	7.4-update55.x
liferay / digital_experience_platform	7.4-update56	7.4-update56.x
liferay / digital_experience_platform	7.4-update57	7.4-update57.x
liferay / digital_experience_platform	7.4-update58	7.4-update58.x
liferay / digital_experience_platform	7.4-update59	7.4-update59.x
liferay / digital_experience_platform	7.4-update60	7.4-update60.x
liferay / digital_experience_platform	7.4-update61	7.4-update61.x
liferay / digital_experience_platform	7.4-update62	7.4-update62.x
liferay / digital_experience_platform	7.4-update63	7.4-update63.x
liferay / digital_experience_platform	7.4-update64	7.4-update64.x
liferay / digital_experience_platform	7.4-update65	7.4-update65.x
liferay / digital_experience_platform	7.4-update66	7.4-update66.x
liferay / digital_experience_platform	7.4-update67	7.4-update67.x
liferay / digital_experience_platform	7.4-update68	7.4-update68.x
liferay / digital_experience_platform	7.4-update69	7.4-update69.x
liferay / digital_experience_platform	7.4-update70	7.4-update70.x
liferay / digital_experience_platform	7.4-update71	7.4-update71.x
liferay / digital_experience_platform	7.4-update72	7.4-update72.x
liferay / digital_experience_platform	7.4-update73	7.4-update73.x
liferay / digital_experience_platform	7.4-update74	7.4-update74.x
liferay / digital_experience_platform	7.4-update75	7.4-update75.x
liferay / digital_experience_platform	7.4-update76	7.4-update76.x
liferay / digital_experience_platform	7.4-update77	7.4-update77.x
liferay / digital_experience_platform	7.4-update78	7.4-update78.x
liferay / digital_experience_platform	7.4-update79	7.4-update79.x
liferay / digital_experience_platform	7.4-update80	7.4-update80.x
liferay / digital_experience_platform	7.4-update81	7.4-update81.x
liferay / digital_experience_platform	7.4-update82	7.4-update82.x
liferay / digital_experience_platform	7.4-update83	7.4-update83.x
liferay / digital_experience_platform	7.4-update84	7.4-update84.x
liferay / digital_experience_platform	7.4-update85	7.4-update85.x
liferay / digital_experience_platform	7.4-update86	7.4-update86.x
liferay / digital_experience_platform	7.4-update87	7.4-update87.x
liferay / digital_experience_platform	7.4-update88	7.4-update88.x
liferay / digital_experience_platform	7.4-update89	7.4-update89.x
liferay / digital_experience_platform	7.4-update90	7.4-update90.x
liferay / digital_experience_platform	7.4-update91	7.4-update91.x
liferay / digital_experience_platform	7.4-update92	7.4-update92.x
liferay / liferay_portal	7.4.3.32	7.4.3.132.x

Vulnerability Database

313,495

CVE-2025-43753

Deep Security Visibility Without the Complexity