6.1
CVE-2025-62267
- EPSS 0.04%
- Veröffentlicht 31.10.2025 18:12:50
- Zuletzt bearbeitet 10.11.2025 17:04:42
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, or (3) Last Name text field.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version7.4
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92
Liferay ≫ Digital Experience Platform Version2023.q3.1
Liferay ≫ Digital Experience Platform Version2023.q3.2
Liferay ≫ Digital Experience Platform Version2023.q3.3
Liferay ≫ Digital Experience Platform Version2023.q3.4
Liferay ≫ Digital Experience Platform Version2023.q3.5
Liferay ≫ Digital Experience Platform Version2023.q3.6
Liferay ≫ Digital Experience Platform Version2023.q3.7
Liferay ≫ Digital Experience Platform Version2023.q3.8
Liferay ≫ Digital Experience Platform Version2023.q3.9
Liferay ≫ Digital Experience Platform Version2023.q3.10
Liferay ≫ Digital Experience Platform Version2023.q4.0
Liferay ≫ Digital Experience Platform Version2023.q4.1
Liferay ≫ Digital Experience Platform Version2023.q4.2
Liferay ≫ Digital Experience Platform Version2023.q4.3
Liferay ≫ Digital Experience Platform Version2023.q4.4
Liferay ≫ Digital Experience Platform Version2023.q4.5
Liferay ≫ Digital Experience Platform Version2023.q4.6
Liferay ≫ Digital Experience Platform Version2023.q4.7
Liferay ≫ Digital Experience Platform Version2023.q4.8
Liferay ≫ Digital Experience Platform Version2023.q4.9
Liferay ≫ Digital Experience Platform Version2023.q4.10
Liferay ≫ Liferay Portal Version >= 7.4.3.35 < 7.4.3.112
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.116 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security@liferay.com | 4.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.