N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-4576

GHSA ID

GHSA-6qcg-28jh-hm7r

EPSS Score

CWE

CWE-79

Published

8/8/2025

Updated

8/8/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-4576

CVE-2025-4576: Liferay Portal Reflected XSS in blogs-web

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/entry_cover_image_caption.jsp

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-4576

GHSA ID

GHSA-6qcg-28jh-hm7r

EPSS Score

CWE

CWE-79

Published

8/8/2025

Updated

8/8/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay:com.liferay.blogs.web	maven	< 6.0.139	6.0.139

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The analysis of the provided commit afd9e7751fff6f573699ef1169da279957f72428 clearly indicates a reflected XSS vulnerability in the entry_cover_image_caption.jsp file. The patch itself demonstrates the vulnerability and the fix. The vulnerable code is within a JSP scriptlet, which means the JSP itself is the vulnerable component. The coverImageURL parameter, which is user-controllable, was being directly embedded into a CSS url() function within a style attribute. This allows an attacker to break out of the url() context and inject arbitrary HTML and JavaScript. The fix involves using HtmlUtil.escapeAttribute() to properly sanitize the coverImageURL parameter, preventing the injection of malicious code. Therefore, the identified vulnerable function is the JSP file itself, as it contains the code that processes and renders the malicious input.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r**l**t** *ross-sit* s*riptin* (XSS) vuln*r**ility in t** Li**r*y Port*l *.*.* t*rou** *.*.*.***, *n* Li**r*y *XP ****.Q*.* t*rou** ****.Q*.* ,****.Q*.* t*rou** ****.Q*.*, ****.Q*.* t*rou** ****.Q*.**, ****.Q*.* t*rou** ****.Q*.**, ****.Q*.* t*rou*

Reasoning

T** *n*lysis o* t** provi*** *ommit `****************************************` *l**rly in*i**t*s * r**l**t** XSS vuln*r**ility in t** `*ntry_*ov*r_im***_**ption.jsp` *il*. T** p*t** its*l* **monstr*t*s t** vuln*r**ility *n* t** *ix. T** vuln*r**l* *o

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-4576: Liferay Portal Reflected XSS in blogs-web

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI