Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an attachment's filename.
Published: 2025-10-23
CVSS: 6.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Download Exploit for CVE-2025-62255 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-174-cve-2025-41242/
https://augustaverburg.nl/exploit-858-cve-2025-61920/
https://augustaverburg.nl/exploit-773-cve-2017-7921/
https://augustaverburg.nl/exploit-809-cve-2023-33120/
https://augustaverburg.nl/exploit-144-cve-2016-9535/