Liferay Portal, Cross-site Scripting (XSS), CVE-2025-12345 (Moderate)

Listen to this Post

The CVE-2025-12345 vulnerability is a stored Cross-site Scripting (XSS) flaw within Liferay Portal’s object management system. It specifically targets objects that utilize a rich text type field. The vulnerability arises from insufficient input sanitization and output encoding of user-supplied data within these fields. An attacker can craft a malicious payload containing JavaScript and inject it as the content of the rich text field. When this object is saved and subsequently viewed by another user, the embedded script is rendered and executed by the victim’s browser within the security context of the Liferay Portal site. This allows the attacker to perform actions on behalf of the victim, such as session hijacking, defacement, or redirecting the user to a malicious site, by exploiting the trust the application has in the retrieved content from its own database.
Platform: Liferay Portal/DXP
Version: 7.4.3.20-7.4.3.111, 2023.Q4.0, 2023.Q3.1-2023.Q3.4, 7.4 GA-update 92
Vulnerability: Stored XSS
Severity: Moderate

date: 2025-09-15

Prediction: Patch expected 2025-09-22

What Undercode Say:

`curl -s “https://api.github.com/advisories?search=CVE-2025-12345” | jq ‘.[] | {summary: .summary, severity: .severity}’`

`nmap -p 80,443 –script http-security-headers `

``

How Exploit:

Craft malicious script payload. Inject into object’s rich text field. Save object. Victim views object page. Script executes automatically.

Protection from this CVE:

Update to version 6.0.167. Implement strict Content Security Policy (CSP). Sanitize all rich text input.

Impact:

Session hijacking. Account takeover. Website defacement. Client-side code execution.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top