Description

Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitrary web script or HTML via the crafted input in a workflow definition.

Remediation

References

CVE-2025-62239

Related Vulnerabilities

WordPress Plugin Abandoned Cart Lite for WooCommerce Cross-Site Request Forgery (5.8.5)

Moodle Cleartext Transmission of Sensitive Information Vulnerability (CVE-2024-43432)

WordPress Plugin ABASE Multiple Vulnerabilities (2.6)

Oracle Database Server CVE-2019-2569 Vulnerability (CVE-2019-2569)

WordPress Plugin WP No External Links Spam Injection (4.2.2)

Severity

Medium

Classification

CVE-2025-62239 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities