
CVE-2025-43753: Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container

CVSS Score: N/A

Basic Information

EPSS Score: 0.36325%
Published: 8/22/2025
Updated: 8/22/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

Package Name                           Ecosystem  Vulnerable Versions  First Patched Version
com.liferay:com.liferay.layout.taglib  maven      < 16.1.32            16.1.32

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The analysis of the provided commits, particularly 6ebe926008776c3f741f989a884ad07f02a79d9f, points directly to a vulnerability within the getSuccessMessage method of the RenderLayoutStructureDisplayContext class. The vulnerability is a classic reflected XSS, where user-controllable input (in this case, a success message associated with a form) is rendered on the page without proper output encoding or sanitization.

The patch introduces a call to HtmlUtil.escape() on the success message string before it is returned. This is a clear indication that the function was previously vulnerable to HTML and script injection. The accompanying test commits, such as d835c7331e38e048972ab4b8cf3106fc6767015f, confirm this by adding a test case that injects a <script> tag into the success message and asserts that the output is correctly escaped. Therefore, any runtime profile capturing the exploitation of this vulnerability would show the com.liferay.layout.taglib.internal.display.context.RenderLayoutStructureDisplayContext.getSuccessMessage function in the stack trace as it processes the malicious input.
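An added illustration of the pattern the analysis describes, not Liferay's code: a display-context method that returns a form's configured success message unescaped, next to the patched form that HTML-escapes it before returning. `SuccessMessageExample`, `escapeHtml` and the sample payload are assumptions standing in for `RenderLayoutStructureDisplayContext.getSuccessMessage` and `HtmlUtil.escape()`.

```java
import java.util.Map;

// Added example: a stand-in for the vulnerable and patched forms of the
// getSuccessMessage pattern. Not Liferay code; all names are hypothetical.
public class SuccessMessageExample {

    // Minimal HTML escaper standing in for Liferay's HtmlUtil.escape().
    // Encodes the characters that let text break out of an HTML text node
    // or a quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Before the fix: the attacker-influenced message is handed to the
    // template verbatim, so "<script>...</script>" is rendered as markup.
    static String getSuccessMessageVulnerable(Map<String, String> formConfig) {
        return formConfig.getOrDefault("successMessage", "Thank you");
    }

    // After the fix: the message is escaped before it is returned, so the
    // same value reaches the page as literal text.
    static String getSuccessMessagePatched(Map<String, String> formConfig) {
        return escapeHtml(formConfig.getOrDefault("successMessage", "Thank you"));
    }

    public static void main(String[] args) {
        // Constructed sample input mirroring the payload the test commit injects.
        Map<String, String> formConfig =
            Map.of("successMessage", "<script>alert(1)</script>");
        System.out.println("vulnerable: " + getSuccessMessageVulnerable(formConfig));
        System.out.println("patched:    " + getSuccessMessagePatched(formConfig));
    }
}
```

HTML escaping of this kind is correct for HTML text and quoted-attribute contexts; a message interpolated into a JavaScript or URL context needs the encoder for that context instead.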
