Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-62264 - Vulnerability Database
Liferay DXP

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-62264

Medium
Reference: CVE-2025-62264
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62264
Title: Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Reflected cross-site scripting (XSS) vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111 and Liferay DXP 2023.Q4.0 through 2023.Q4.10 2023.Q3.1 through 2023.Q3.10 and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter.