Liferay Portal 7.2.0 < 7.4.3.112 XSS

🗓️ 05 Nov 2025 00:00:00Reported by TenableType

XSS in Liferay Portal Blogs widget (7.2.0—7.4.3.112) via crafted iframe in content; sandbox attribute missing.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2025-62265	30 Oct 202520:05	–	circl
CNNVD	Liferay Portal和Liferay DXP 跨站脚本漏洞	30 Oct 202500:00	–	cnnvd
CVE	CVE-2025-62265	30 Oct 202518:30	–	cve
Cvelist	CVE-2025-62265	30 Oct 202518:30	–	cvelist
EUVD	EUVD-2025-37203	30 Oct 202521:30	–	euvd
Github Security Blog	Liferay Portal is vulnerable to XSS in the Blogs widget	30 Oct 202521:30	–	github
NVD	CVE-2025-62265	30 Oct 202519:16	–	nvd
OSV	CVE-2025-62265	30 Oct 202519:16	–	osv
OSV	GHSA-56JV-4WW3-65MW Liferay Portal is vulnerable to XSS in the Blogs widget	30 Oct 202521:30	–	osv
Positive Technologies	PT-2025-44448	30 Oct 202500:00	–	ptsecurity

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(272736);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/07");

  script_cve_id("CVE-2025-62265");
  script_xref(name:"IAVA", value:"2025-A-0811");

  script_name(english:"Liferay Portal 7.2.0 < 7.4.3.112 XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal allows remote attackers to inject 
arbitrary web script or HTML via a crafted <iframe> injected into a blog entry's 'Content' text field. The Blogs 
widget does not add the sandbox attribute to <iframe> elements, which allows remote attackers to access the parent 
page via scripts and links in the frame page.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62265
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07a7588c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Liferay Portal 7.4.3.112 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-62265");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:liferay:liferay_portal");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("liferay_detect.nasl");
  script_require_keys("installed_sw/liferay_portal");
  script_exclude_keys("Settings/disable_cgi_scanning");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'liferay_portal');

var constraints = [
  { 'min_version':'7.2.0', 'fixed_version':'7.4.3.112' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING,
    flags:{'xss':TRUE}
);

07 Nov 2025 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.4

CVSS 44.8

EPSS0.00179

SSVC