Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page

Multiple stored Cross-site Scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

CVE-2025-43822 is a stored XSS vulnerability affecting Liferay Portal and Liferay DXP. The issue arises when an attacker injects arbitrary web script or HTML into the Terms and Conditions Name field on the view order page, affecting Liferay Portal 7.4.3.15–7.4.3.111 and Liferay DXP releases 2023....

PT-2025-41193

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.15 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay versions 7.4 update 15 through update 92 Description The software contains multiple...