CVE-2025-62237 – Liferay Portal Liferay DXP Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-62237

Published : Oct. 10, 2025, 1:15 p.m. | 1 hour, 22 minutes ago

Description : Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account’s “Name” text field.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…