EUVD-2025-11485

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Stored cross-site scripting vulnerability in Liferay Portal allows JavaScript injection by attackers.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-3760	17 Apr 202514:49	–	circl
CNNVD	Liferay Portal 跨站脚本漏洞	17 Apr 202500:00	–	cnnvd
CVE	CVE-2025-3760	17 Apr 202512:53	–	cve
Cvelist	CVE-2025-3760	17 Apr 202512:53	–	cvelist
Github Security Blog	Liferay Cross-site Scripting vulnerability	17 Apr 202515:32	–	github
NVD	CVE-2025-3760	17 Apr 202513:15	–	nvd
OSV	CVE-2025-3760	17 Apr 202513:15	–	osv
OSV	GHSA-QHP6-VP7C-G7XP Liferay Cross-site Scripting vulnerability	17 Apr 202515:32	–	osv
Positive Technologies	PT-2025-16960 · Liferay · Liferay Dxp +1	17 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-3760	26 Apr 202500:46	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "fab73363-f678-3b15-bb8d-3c48243be236",
        "vendor": {
          "name": "Liferay"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "19057beb-1ac1-3420-a99f-02e831c5b41b",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.2.10 ≤dxp-20"
      },
      {
        "id": "207f80ab-5d68-3fd0-88a4-328be758f49a",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q2.0 ≤2024.Q2.13"
      },
      {
        "id": "2b78a862-b669-3c1c-b10b-630e0992cc13",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q4.0 ≤2024.Q4.7"
      },
      {
        "id": "517ea722-217f-3792-8971-ebe8db4defbb",
        "product": {
          "name": "DXP"
        },
        "product_version": "2023.Q4.0 ≤2023.Q4.10"
      },
      {
        "id": "84a94c0f-a4ec-3234-8725-5d8e74e581c5",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q1.1 ≤2024.Q1.12"
      },
      {
        "id": "90ccb8be-f3b9-303b-b7f4-19e107d39d3e",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.4.13 ≤7.4.13-u92"
      },
      {
        "id": "976a3ce6-5925-3b7f-9248-517692cb62a5",
        "product": {
          "name": "Portal"
        },
        "product_version": "7.0.0 ≤7.4.3.129"
      },
      {
        "id": "a10468d7-7ebc-351a-9b22-ac934f270137",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q3.1 ≤2024.Q3.9"
      },
      {
        "id": "bbb47688-6abe-3424-9066-c6aab24139c1",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.3.10 ≤7.3.10-u36"
      },
      {
        "id": "c29bdce3-c953-391a-bfec-3fc606a6bc4d",
        "product": {
          "name": "DXP"
        },
        "product_version": "2023.Q3.1 ≤2023.Q3.10"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-3760
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 44.8

EPSS0.00157

SSVC