Description

Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitrary web script or HTML via the crafted input in a workflow definition.

Remediation

References

CVE-2025-62239

Related Vulnerabilities

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-40572)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1501)

Oracle Database Server CVE-2015-2595 Vulnerability (CVE-2015-2595)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3166)

Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)

Severity

Medium

Classification

CVE-2025-62239 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities