CVE-2025-62267
Description
Multiple cross-site scripting (XSS) vulnerabilities in web content templates select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a users (1) First Name, (2) Middle Name, or (3) Last Name text field.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.023
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-62267 are fixed in Liferay - com.liferay.dynamic.data.mapping.item.selector.web 1.0.9 | Windows |
| Vulnerabilities CVE-2025-62267 are fixed in Liferay - com.liferay.dynamic.data.mapping.item.selector.web for Linux 1.0.9 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234