CVE-2025-62263

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account Role’s “Title” text field to (1) view account role page, or (2) select account role page.

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Organization’s “Name” text field to (1) view account page, (2) view account organization page, or (3) select account organization page.

Published: Oct 27, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-62263
GHSA: GHSA-8mgf-rgg5-w38q
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
com.liferay / com.liferay.account.admin.web	2.0.0	2.0.108
liferay / digital_experience_platform	7.3-service_pack_3	7.3-service_pack_3.x
liferay / digital_experience_platform	7.3-update1	7.3-update1.x
liferay / digital_experience_platform	7.3-update10	7.3-update10.x
liferay / digital_experience_platform	7.3-update11	7.3-update11.x
liferay / digital_experience_platform	7.3-update12	7.3-update12.x
liferay / digital_experience_platform	7.3-update13	7.3-update13.x
liferay / digital_experience_platform	7.3-update14	7.3-update14.x
liferay / digital_experience_platform	7.3-update15	7.3-update15.x
liferay / digital_experience_platform	7.3-update16	7.3-update16.x
liferay / digital_experience_platform	7.3-update17	7.3-update17.x
liferay / digital_experience_platform	7.3-update18	7.3-update18.x
liferay / digital_experience_platform	7.3-update19	7.3-update19.x
liferay / digital_experience_platform	7.3-update2	7.3-update2.x
liferay / digital_experience_platform	7.3-update20	7.3-update20.x
liferay / digital_experience_platform	7.3-update21	7.3-update21.x
liferay / digital_experience_platform	7.3-update22	7.3-update22.x
liferay / digital_experience_platform	7.3-update23	7.3-update23.x
liferay / digital_experience_platform	7.3-update24	7.3-update24.x
liferay / digital_experience_platform	7.3-update25	7.3-update25.x
liferay / digital_experience_platform	7.3-update26	7.3-update26.x
liferay / digital_experience_platform	7.3-update27	7.3-update27.x
liferay / digital_experience_platform	7.3-update28	7.3-update28.x
liferay / digital_experience_platform	7.3-update29	7.3-update29.x
liferay / digital_experience_platform	7.3-update3	7.3-update3.x
liferay / digital_experience_platform	7.3-update30	7.3-update30.x
liferay / digital_experience_platform	7.3-update31	7.3-update31.x
liferay / digital_experience_platform	7.3-update32	7.3-update32.x
liferay / digital_experience_platform	7.3-update33	7.3-update33.x
liferay / digital_experience_platform	7.3-update34	7.3-update34.x
liferay / digital_experience_platform	7.3-update35	7.3-update35.x
liferay / digital_experience_platform	7.3-update36	7.3-update36.x
liferay / digital_experience_platform	7.3-update4	7.3-update4.x
liferay / digital_experience_platform	7.3-update5	7.3-update5.x
liferay / digital_experience_platform	7.3-update6	7.3-update6.x
liferay / digital_experience_platform	7.3-update7	7.3-update7.x
liferay / digital_experience_platform	7.3-update8	7.3-update8.x
liferay / digital_experience_platform	7.3-update9	7.3-update9.x
liferay / digital_experience_platform	7.4	7.4.x
liferay / digital_experience_platform	2023.q3.1	2023.q3.1.x
liferay / digital_experience_platform	2023.q3.2	2023.q3.2.x
liferay / digital_experience_platform	2023.q3.3	2023.q3.3.x
liferay / digital_experience_platform	2023.q3.4	2023.q3.4.x
liferay / liferay_portal	7.3.7	7.4.3.104

Vulnerability Database

313,495

CVE-2025-62263

Deep Security Visibility Without the Complexity