Description
[Update 2025-09-18]: This vulnerability is now considered a false positive and has been officially rejected. The CVE record for CVE-2025-43774 has been updated to REJECTED status. The issue was found to be present only in a feature that was under development and protected by a beta feature flag, making it not exploitable in official product releases.
A reflected cross-site scripting (XSS) vulnerability in Liferay DXP allows a remote authenticated user to inject JavaScript code via the Style Book theme name. The malicious payload is then reflected and executed within the user's browser.
Severity
N/A (N/A)
Affected Version(s)
- N/A
Fixed Version(s)
- N/A
Publication date: Mon, 08 Sep 2025 12:23:00 +0000