CVE-2025-43804 | Liferay Portal/DXP Search Widget cross site scripting

A vulnerability marked as problematic has been reported in Liferay Portal and DXP. This affects an unknown part of the component Search Widget. This manipulation of the argument _com_liferay_portal_search_web_portlet_SearchPortlet_userId causes cross site scripting.

This vulnerability is handled as CVE-2025-43804. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More