CVE-2025-43824 | Liferay Portal/DXP Profile Widget Content-Disposition cross site scripting

A vulnerability classified as problematic was found in Liferay Portal and DXP. This issue affects some unknown processing of the component Profile Widget. Such manipulation of the argument Content-Disposition leads to cross site scripting.

This vulnerability is referenced as CVE-2025-43824. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More