CVE-2025-62263

Опубликовано: 27 окт. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account Role’s “Title” text field to (1) view account role page, or (2) select account role page.

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Organization’s “Name” text field to (1) view account page, (2) view account organization page, or (3) select account organization page.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62263
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.3.7 (включая) до 7.4.3.104 (исключая)

EPSS

Процентиль: 15%

0.00049

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8mgf-rgg5-w38q