Description

Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an attachment's filename.

Remediation

References

CVE-2025-62255

Related Vulnerabilities

XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-29924)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3385)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0606)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38024)

WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)

Severity

Medium

Classification

CVE-2025-62255 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities