CVE-2025-62263

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.7 through 7.4.3.103 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 36

Description The software contains multiple cross-site scripting (XSS) issues. Remote attackers can inject arbitrary web script or HTML code through crafted payloads. Specifically, the vulnerabilities exist when injecting payloads into the “Title” text field of an Account Role and the “Name” text field of an Organization. Exploitation via the Account Role “Title” field can allow attackers to view or select account role pages. Exploitation via the Organization “Name” field can allow attackers to view or select account pages and account organization pages.

Recommendations Liferay Portal versions 7.3.7 through 7.4.3.103 should be updated. Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 should be updated. Liferay DXP 7.4 GA through update 92 should be updated. Liferay Portal 7.3 service pack 3 through update 36 should be updated.