216.73.216.128

CVE-2025-62264

· Published 31/10/2025 18:15 · Modified 31/10/2025 18:15

Labels: CVE-2025-62264 2025-10-31CVE-2025-62264CWE-79[email protected]

Essential information

Published
31/10/2025 18:15
Modified
31/10/2025 18:15
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Reflected cross-site scripting (XSS) vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId` parameter.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
liferay / liferay portal cpe:2.3:a:liferay:liferay_portal:7.4.3.8-7.4.3.111:*:*:*:*:*:*:*
liferay / liferay dxp cpe:2.3:a:liferay:liferay_dxp:2023.Q4.0-2023.Q4.10:*:*:*:*:*:*:*
liferay / liferay dxp cpe:2.3:a:liferay:liferay_dxp:2023.Q3.1-2023.Q3.10:*:*:*:*:*:*:*
liferay / liferay portal cpe:2.3:a:liferay:liferay_portal:7.4:4-92:*:*:*:*:*:*:*

References