CVE-2025-62263

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account Roles Title text field to (1) view account role page, or (2) select account role page.

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Organizations Name text field to (1) view account page, (2) view account organization page, or (3) select account organization page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
LiferayCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
liferaydigital_experience_platform
7.3:service_pack_3
liferaydigital_experience_platform
7.3:update1
liferaydigital_experience_platform
7.3:update10
liferaydigital_experience_platform
7.3:update11
liferaydigital_experience_platform
7.3:update12
liferaydigital_experience_platform
7.3:update13
liferaydigital_experience_platform
7.3:update14
liferaydigital_experience_platform
7.3:update15
liferaydigital_experience_platform
7.3:update16
liferaydigital_experience_platform
7.3:update17
liferaydigital_experience_platform
7.3:update18
liferaydigital_experience_platform
7.3:update19
liferaydigital_experience_platform
7.3:update2
liferaydigital_experience_platform
7.3:update20
liferaydigital_experience_platform
7.3:update21
liferaydigital_experience_platform
7.3:update22
liferaydigital_experience_platform
7.3:update23
liferaydigital_experience_platform
7.3:update24
liferaydigital_experience_platform
7.3:update25
liferaydigital_experience_platform
7.3:update26
liferaydigital_experience_platform
7.3:update27
liferaydigital_experience_platform
7.3:update28
liferaydigital_experience_platform
7.3:update29
liferaydigital_experience_platform
7.3:update3
liferaydigital_experience_platform
7.3:update30
liferaydigital_experience_platform
7.3:update31
liferaydigital_experience_platform
7.3:update32
liferaydigital_experience_platform
7.3:update33
liferaydigital_experience_platform
7.3:update34
liferaydigital_experience_platform
7.3:update35
liferaydigital_experience_platform
7.3:update36
liferaydigital_experience_platform
7.3:update4
liferaydigital_experience_platform
7.3:update5
liferaydigital_experience_platform
7.3:update6
liferaydigital_experience_platform
7.3:update7
liferaydigital_experience_platform
7.3:update8
liferaydigital_experience_platform
7.3:update9
liferaydigital_experience_platform
7.4
liferaydigital_experience_platform
2023.q3.1:q3.1
liferaydigital_experience_platform
2023.q3.2:q3.2
liferaydigital_experience_platform
2023.q3.3:q3.3
liferaydigital_experience_platform
2023.q3.4:q3.4
liferayliferay_portal
7.3.7 ≤
𝑥
< 7.4.3.104
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62263