Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dx8s-h424-efbz

Summary

Liferay Portal is vulnerable to XSS through its Calendar Events parameters
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name or (3) Last Name text field.

Aliases

alias	CVE-2025-62240

alias	GHSA-5264-m964-7pg9

Fixed_packages

url	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
purl	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88

Affected_packages

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.45

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.45

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.46

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.46

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.47

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.47

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.47

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.48

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.48

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.49

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.49

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.50

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.50

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.51

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.51

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.52

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.52

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.53

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.53

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.54

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.54

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.54

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.55

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.55

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.55

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.56

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.56

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.57

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.57

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.58

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.58

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.58

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.59

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.59

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.59

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.60

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.60

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.61

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.61

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.61

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.62

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.62

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.62

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.63

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.63

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.63

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.64

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.64

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.64

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.65

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.65

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.66

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.66

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.66

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.67

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.67

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.67

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.68

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.68

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.68

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.69

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.69

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.69

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.70

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.70

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.71

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.71

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.72

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.72

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.73

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.73

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.74

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.74

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.74

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.75

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.75

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.76

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.76

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.76

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.77

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.77

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.77

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.78

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.78

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.79

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.79

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.80

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.80

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.80

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.81

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.81

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.81

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.82

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.82

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.82

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.83

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.83

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.84

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.84

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.84

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.85

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.85

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.86

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.86

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

vulnerability	VCID-fg6h-28cu-17c5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.86

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62240

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09184
published_at	2026-06-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09243
published_at	2026-06-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09263
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09244
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62240

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/961b569fbd9207c728a93d962e989dbc062f6fb6

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/961b569fbd9207c728a93d962e989dbc062f6fb6

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62240

reference_id

CVE-2025-62240

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:26:06Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62240

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62240

reference_id

CVE-2025-62240

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62240

reference_url

https://github.com/advisories/GHSA-5264-m964-7pg9

reference_id

GHSA-5264-m964-7pg9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5264-m964-7pg9

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx8s-h424-efbz

Vulnerability Instance