CVE-2025-62267

Multiple cross-site scripting (XSS) vulnerabilities in web content templates select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a users (1) First Name, (2) Middle Name, or (3) Last Name text field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
LiferayCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
liferaydigital_experience_platform
7.4
liferaydigital_experience_platform
7.4:update35
liferaydigital_experience_platform
7.4:update36
liferaydigital_experience_platform
7.4:update37
liferaydigital_experience_platform
7.4:update38
liferaydigital_experience_platform
7.4:update39
liferaydigital_experience_platform
7.4:update40
liferaydigital_experience_platform
7.4:update41
liferaydigital_experience_platform
7.4:update42
liferaydigital_experience_platform
7.4:update43
liferaydigital_experience_platform
7.4:update44
liferaydigital_experience_platform
7.4:update45
liferaydigital_experience_platform
7.4:update46
liferaydigital_experience_platform
7.4:update47
liferaydigital_experience_platform
7.4:update48
liferaydigital_experience_platform
7.4:update49
liferaydigital_experience_platform
7.4:update50
liferaydigital_experience_platform
7.4:update51
liferaydigital_experience_platform
7.4:update52
liferaydigital_experience_platform
7.4:update53
liferaydigital_experience_platform
7.4:update54
liferaydigital_experience_platform
7.4:update55
liferaydigital_experience_platform
7.4:update56
liferaydigital_experience_platform
7.4:update57
liferaydigital_experience_platform
7.4:update58
liferaydigital_experience_platform
7.4:update59
liferaydigital_experience_platform
7.4:update70
liferaydigital_experience_platform
7.4:update71
liferaydigital_experience_platform
7.4:update72
liferaydigital_experience_platform
7.4:update73
liferaydigital_experience_platform
7.4:update74
liferaydigital_experience_platform
7.4:update75
liferaydigital_experience_platform
7.4:update76
liferaydigital_experience_platform
7.4:update77
liferaydigital_experience_platform
7.4:update78
liferaydigital_experience_platform
7.4:update79
liferaydigital_experience_platform
7.4:update80
liferaydigital_experience_platform
7.4:update81
liferaydigital_experience_platform
7.4:update82
liferaydigital_experience_platform
7.4:update83
liferaydigital_experience_platform
7.4:update84
liferaydigital_experience_platform
7.4:update85
liferaydigital_experience_platform
7.4:update86
liferaydigital_experience_platform
7.4:update87
liferaydigital_experience_platform
7.4:update88
liferaydigital_experience_platform
7.4:update89
liferaydigital_experience_platform
7.4:update90
liferaydigital_experience_platform
7.4:update91
liferaydigital_experience_platform
7.4:update92
liferaydigital_experience_platform
2023.q3.1:q3.1
liferaydigital_experience_platform
2023.q3.2:q3.2
liferaydigital_experience_platform
2023.q3.3:q3.3
liferaydigital_experience_platform
2023.q3.4:q3.4
liferaydigital_experience_platform
2023.q3.5:q3.5
liferaydigital_experience_platform
2023.q3.6:q3.6
liferaydigital_experience_platform
2023.q3.7:q3.7
liferaydigital_experience_platform
2023.q3.8:q3.8
liferaydigital_experience_platform
2023.q3.9:q3.9
liferaydigital_experience_platform
2023.q3.10:q3.10
liferaydigital_experience_platform
2023.q4.0:q4.0
liferaydigital_experience_platform
2023.q4.1:q4.1
liferaydigital_experience_platform
2023.q4.2:q4.2
liferaydigital_experience_platform
2023.q4.3:q4.3
liferaydigital_experience_platform
2023.q4.4:q4.4
liferaydigital_experience_platform
2023.q4.5:q4.5
liferaydigital_experience_platform
2023.q4.6:q4.6
liferaydigital_experience_platform
2023.q4.7:q4.7
liferaydigital_experience_platform
2023.q4.8:q4.8
liferaydigital_experience_platform
2023.q4.9:q4.9
liferaydigital_experience_platform
2023.q4.10:q4.10
liferayliferay_portal
7.4.3.35 ≤
𝑥
< 7.4.3.112
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62267