Количество 2
Количество 2
CVE-2025-62237
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account’s “Name” text field.
GHSA-m4g9-5mg6-gfr3
Liferay Portal Commerce is vulnerable to XSS through account "name" field
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62237 Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account’s “Name” text field. | CVSS3: 5.4 | 0% Низкий | 4 месяца назад |
| GHSA-m4g9-5mg6-gfr3 Liferay Portal Commerce is vulnerable to XSS through account "name" field | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу