cbcvebase.
CVE-2025-62263
published 2025-10-27

CVE-2025-62263: Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through…

medium4.8CVSS 4.0
AVNACLATNPRLUIAVCLVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account Role’s “Title” text field to (1) view account role page, or (2) select account role page. Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Organization’s “Name” text field to (1) view account page, (2) view account organization page, or (3) select account organization page.

Affected

11 ranges
VendorProductVersion rangeFixed in
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydxp2023.Q3.1 – 2023.Q3.4
liferaydxp7.3.10-sp3 – 7.3.10-u36
liferaydxp7.4.13 – 7.4.13-u92
liferayliferay_portal>= 7.3.7 < 7.4.3.1047.4.3.104
liferayportal7.3.7 – 7.4.3.103