Liferay Portal
Moderate fix1 remedy
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*
Moderate fix1 remedy
- >= 7.4.3.120, <= 7.4.3.132
Liferay Portal and DXP Stored Cross-Site Scripting Vulnerability in Message Boards Feature
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in Liferay Portal versions 7.4.3.120 to 7.4.3.132, as well as in several Liferay DXP 2024 and 2025 releases. This vulnerability allows remote authenticated attackers to inject JavaScript through the message boards feature accessible via the web interface.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Remediation
Liferay Portal users can upgrade to the latest version. Liferay DXP users should upgrade to version 2025.Q2.9 or 2025.Q1.16.
Added: Aug 19, 2025, 1:20 PM
Updated: Aug 19, 2025, 1:47 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
1.7exploitability
5.0remediation
7.7relevance
0.4threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.