Liferay: Reflected XSS in Marketplace App Manager Web Module

In Liferay Portal versions 7.4.0 through 7.4.3.131 and Liferay DXP versions 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-4388 was detected. This vulnerability allows remote unauthenticated attackers to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web via reflected cross-site scripting. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.132, Liferay DXP to versions 2024.Q1.13 or 2024.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4388.