Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-62263 - Vulnerability Database
Liferay DXP

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-62263

Medium
Reference: CVE-2025-62263
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62263
Title: Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103 and Liferay DXP 2023.Q3.1 through 2023.Q3.4 7.4 GA through update 92 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account Roles Title text field to (1) view account role page or (2) select account role page. Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103 and Liferay DXP 2023.Q3.1 through 2023.Q3.4 7.4 GA through update 92 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Organizations Name text field to (1) view account page (2) view account organization page or (3) select account organization page.