Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.0
Type maven
Namespace com.liferay.portal
Name release.portal.bom
Version 7.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1bjj-tjj8-pudd
vulnerability_id VCID-1bjj-tjj8-pudd
summary Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25603
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35883
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35874
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25603
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603
reference_id cve-2024-25603
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T15:56:27Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25603
reference_id CVE-2024-25603
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25603
4
reference_url https://github.com/advisories/GHSA-44jg-jgjx-3xg5
reference_id GHSA-44jg-jgjx-3xg5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44jg-jgjx-3xg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2024-25603, GHSA-44jg-jgjx-3xg5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bjj-tjj8-pudd
1
url VCID-25ay-9z7s-47dg
vulnerability_id VCID-25ay-9z7s-47dg
summary Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26595
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29564
published_at 2026-06-12T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29362
published_at 2026-06-11T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29568
published_at 2026-06-14T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29582
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26595
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5b958de42d93f1ba5879a0a20054b14ad7f145c4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5b958de42d93f1ba5879a0a20054b14ad7f145c4
3
reference_url https://liferay.atlassian.net/issues/LPE-17367
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/issues/LPE-17367
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26595-unauthorized-access-to-site-group-list?p_r_p_assetEntryId=121612195&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612195%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26595-unauthorized-access-to-site-group-list?p_r_p_assetEntryId=121612195&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612195%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26595
reference_id CVE-2022-26595
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26595
6
reference_url https://github.com/advisories/GHSA-822f-jfpg-hg7h
reference_id GHSA-822f-jfpg-hg7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-822f-jfpg-hg7h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
aliases CVE-2022-26595, GHSA-822f-jfpg-hg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25ay-9z7s-47dg
2
url VCID-48hp-m4m8-cqge
vulnerability_id VCID-48hp-m4m8-cqge
summary In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via `Liferay-Portal` response header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45373
published_at 2026-06-14T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45385
published_at 2026-06-13T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45224
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
3
reference_url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
4
reference_url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
reference_id cve-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
7
reference_url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
reference_id GHSA-2mvj-q2q3-wxjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge
3
url VCID-5gqq-m36a-53b6
vulnerability_id VCID-5gqq-m36a-53b6
summary Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25601
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35883
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35874
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25601
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601
reference_id cve-2024-25601
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T14:15:10Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25601
reference_id CVE-2024-25601
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25601
4
reference_url https://github.com/advisories/GHSA-cr36-3vqf-x5w5
reference_id GHSA-cr36-3vqf-x5w5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr36-3vqf-x5w5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
aliases CVE-2024-25601, GHSA-cr36-3vqf-x5w5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gqq-m36a-53b6
4
url VCID-6e5j-scss-jucz
vulnerability_id VCID-6e5j-scss-jucz
summary Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41414
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42916
published_at 2026-06-12T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.42756
published_at 2026-06-11T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42924
published_at 2026-06-14T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42935
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41414
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41414
reference_id CVE-2022-41414
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41414
5
reference_url https://github.com/advisories/GHSA-9427-7f65-88c8
reference_id GHSA-9427-7f65-88c8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9427-7f65-88c8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
aliases CVE-2022-41414, GHSA-9427-7f65-88c8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e5j-scss-jucz
5
url VCID-6jsv-kw7h-9yeu
vulnerability_id VCID-6jsv-kw7h-9yeu
summary The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38002
reference_id
reference_type
scores
0
value 0.04275
scoring_system epss
scoring_elements 0.89122
published_at 2026-06-12T12:55:00Z
1
value 0.04275
scoring_system epss
scoring_elements 0.89084
published_at 2026-06-11T12:55:00Z
2
value 0.04275
scoring_system epss
scoring_elements 0.89129
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38002
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38002
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38002
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002
reference_id CVE-2024-38002
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:21:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002
4
reference_url https://github.com/advisories/GHSA-3mfq-fp2f-vwqh
reference_id GHSA-3mfq-fp2f-vwqh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mfq-fp2f-vwqh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2024-38002, GHSA-3mfq-fp2f-vwqh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jsv-kw7h-9yeu
6
url VCID-6jw2-chce-suhn
vulnerability_id VCID-6jw2-chce-suhn
summary The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27316
published_at 2026-06-11T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27524
published_at 2026-06-14T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27518
published_at 2026-06-12T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27541
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
reference_id cve-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
reference_id CVE-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
4
reference_url https://github.com/advisories/GHSA-43h9-p3j4-39hm
reference_id GHSA-43h9-p3j4-39hm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43h9-p3j4-39hm
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-9u32-4n1x-77ce
15
vulnerability VCID-9v1n-scdh-a3du
16
vulnerability VCID-a62g-s5j4-73fr
17
vulnerability VCID-beqe-x5p8-23b9
18
vulnerability VCID-c2hc-pbr7-2yhz
19
vulnerability VCID-d9qm-h8q2-sfda
20
vulnerability VCID-deaj-uts6-aqb5
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-efzj-vsre-1ygm
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-gfwc-qjpr-6fgf
29
vulnerability VCID-gngs-dm98-eqc2
30
vulnerability VCID-hqwn-t5mr-13ab
31
vulnerability VCID-hthn-qn9g-u3dv
32
vulnerability VCID-j2r3-g95d-hued
33
vulnerability VCID-jg5a-j9vb-f7hk
34
vulnerability VCID-k56t-ry18-zbg4
35
vulnerability VCID-kke1-d8nw-tyhj
36
vulnerability VCID-mmy3-eycu-q7bu
37
vulnerability VCID-p1dw-dttz-x7ee
38
vulnerability VCID-p3dp-ku5j-yke9
39
vulnerability VCID-pcat-aa3f-kqeg
40
vulnerability VCID-ph25-5qgg-zfer
41
vulnerability VCID-rcmj-djgg-bqf7
42
vulnerability VCID-rjjs-an4q-6qaf
43
vulnerability VCID-ser9-x7zq-dqdv
44
vulnerability VCID-twb2-9ane-tfdw
45
vulnerability VCID-u5rg-89bb-wbfy
46
vulnerability VCID-u9gz-jcnn-syby
47
vulnerability VCID-ughz-r7ds-6qfu
48
vulnerability VCID-vcth-rrmy-5qej
49
vulnerability VCID-vh4z-622g-j7d6
50
vulnerability VCID-w2a5-j7ew-mbet
51
vulnerability VCID-w71u-16bg-nke4
52
vulnerability VCID-whty-vwsm-t7gt
53
vulnerability VCID-xftu-6k5q-7ub6
54
vulnerability VCID-xvs7-58y1-3ybj
55
vulnerability VCID-y38f-84j9-fygf
56
vulnerability VCID-yagv-6mp3-v7hf
57
vulnerability VCID-yp7c-xgj7-s3h2
58
vulnerability VCID-zc53-8p5g-2kcv
59
vulnerability VCID-zkm4-bz55-9bb8
60
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
aliases CVE-2024-25607, GHSA-43h9-p3j4-39hm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw2-chce-suhn
7
url VCID-72my-1zwg-a7hx
vulnerability_id VCID-72my-1zwg-a7hx
summary The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self-referencing IFrame.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25144
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.5536
published_at 2026-06-12T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.55363
published_at 2026-06-14T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.55238
published_at 2026-06-11T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.55376
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25144
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144
reference_id cve-2024-25144
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25144
reference_id CVE-2024-25144
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25144
4
reference_url https://github.com/advisories/GHSA-w275-m8cr-hf2v
reference_id GHSA-w275-m8cr-hf2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w275-m8cr-hf2v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-a62g-s5j4-73fr
15
vulnerability VCID-beqe-x5p8-23b9
16
vulnerability VCID-c2hc-pbr7-2yhz
17
vulnerability VCID-d9qm-h8q2-sfda
18
vulnerability VCID-deaj-uts6-aqb5
19
vulnerability VCID-dztj-3hzz-3bcg
20
vulnerability VCID-eb9n-cwf1-fbga
21
vulnerability VCID-ep8t-7k2h-2kdp
22
vulnerability VCID-epds-vwku-cyed
23
vulnerability VCID-evtz-a8xn-e7b6
24
vulnerability VCID-ext6-8u2c-xufv
25
vulnerability VCID-f6z5-3pp9-7qey
26
vulnerability VCID-gfwc-qjpr-6fgf
27
vulnerability VCID-gngs-dm98-eqc2
28
vulnerability VCID-hqwn-t5mr-13ab
29
vulnerability VCID-hthn-qn9g-u3dv
30
vulnerability VCID-j2r3-g95d-hued
31
vulnerability VCID-jg5a-j9vb-f7hk
32
vulnerability VCID-k56t-ry18-zbg4
33
vulnerability VCID-kke1-d8nw-tyhj
34
vulnerability VCID-mmy3-eycu-q7bu
35
vulnerability VCID-p1dw-dttz-x7ee
36
vulnerability VCID-p3dp-ku5j-yke9
37
vulnerability VCID-ph25-5qgg-zfer
38
vulnerability VCID-rcmj-djgg-bqf7
39
vulnerability VCID-rjjs-an4q-6qaf
40
vulnerability VCID-ser9-x7zq-dqdv
41
vulnerability VCID-twb2-9ane-tfdw
42
vulnerability VCID-u5rg-89bb-wbfy
43
vulnerability VCID-u9gz-jcnn-syby
44
vulnerability VCID-vcth-rrmy-5qej
45
vulnerability VCID-vh4z-622g-j7d6
46
vulnerability VCID-w2a5-j7ew-mbet
47
vulnerability VCID-w71u-16bg-nke4
48
vulnerability VCID-whty-vwsm-t7gt
49
vulnerability VCID-xftu-6k5q-7ub6
50
vulnerability VCID-xvs7-58y1-3ybj
51
vulnerability VCID-y38f-84j9-fygf
52
vulnerability VCID-yagv-6mp3-v7hf
53
vulnerability VCID-yp7c-xgj7-s3h2
54
vulnerability VCID-zc53-8p5g-2kcv
55
vulnerability VCID-zkm4-bz55-9bb8
56
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27
aliases CVE-2024-25144, GHSA-w275-m8cr-hf2v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72my-1zwg-a7hx
8
url VCID-7ffj-jw2k-m3a6
vulnerability_id VCID-7ffj-jw2k-m3a6
summary Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33938
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54198
published_at 2026-06-13T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54185
published_at 2026-06-14T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.54054
published_at 2026-06-11T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.5418
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33938
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33938
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33938
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938
reference_id cve-2023-33938
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:46:09Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938
4
reference_url https://github.com/advisories/GHSA-wvhw-5m89-64gv
reference_id GHSA-wvhw-5m89-64gv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wvhw-5m89-64gv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-ank8-p9qa-9udx
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d3cx-1jmf-cfc4
25
vulnerability VCID-d9qm-h8q2-sfda
26
vulnerability VCID-eb9n-cwf1-fbga
27
vulnerability VCID-ed9v-m3q5-6yaq
28
vulnerability VCID-efzj-vsre-1ygm
29
vulnerability VCID-ep8t-7k2h-2kdp
30
vulnerability VCID-epds-vwku-cyed
31
vulnerability VCID-evtz-a8xn-e7b6
32
vulnerability VCID-ext6-8u2c-xufv
33
vulnerability VCID-f6z5-3pp9-7qey
34
vulnerability VCID-g52h-8r1h-dfhe
35
vulnerability VCID-gfwc-qjpr-6fgf
36
vulnerability VCID-gngs-dm98-eqc2
37
vulnerability VCID-hpqu-qfg1-rygw
38
vulnerability VCID-hqwn-t5mr-13ab
39
vulnerability VCID-hthn-qn9g-u3dv
40
vulnerability VCID-hvhc-kn1w-qkac
41
vulnerability VCID-jg5a-j9vb-f7hk
42
vulnerability VCID-jh4y-y7np-9fav
43
vulnerability VCID-k469-ety8-rqby
44
vulnerability VCID-kke1-d8nw-tyhj
45
vulnerability VCID-mmy3-eycu-q7bu
46
vulnerability VCID-mqut-n4an-x3cs
47
vulnerability VCID-mzzp-psnm-muhm
48
vulnerability VCID-n634-fspx-judk
49
vulnerability VCID-p1dw-dttz-x7ee
50
vulnerability VCID-pcat-aa3f-kqeg
51
vulnerability VCID-ph25-5qgg-zfer
52
vulnerability VCID-ph4a-tj1g-ykc8
53
vulnerability VCID-qztv-899y-sbb8
54
vulnerability VCID-rcmj-djgg-bqf7
55
vulnerability VCID-rjjs-an4q-6qaf
56
vulnerability VCID-ser9-x7zq-dqdv
57
vulnerability VCID-t2ys-d2mh-xygr
58
vulnerability VCID-tgpb-tps9-wfd5
59
vulnerability VCID-trgc-963v-9ue4
60
vulnerability VCID-twb2-9ane-tfdw
61
vulnerability VCID-u5rg-89bb-wbfy
62
vulnerability VCID-u9gz-jcnn-syby
63
vulnerability VCID-ughz-r7ds-6qfu
64
vulnerability VCID-umd8-9ypn-zkdk
65
vulnerability VCID-uu4f-gvmj-7key
66
vulnerability VCID-uxjd-h6fd-sbgf
67
vulnerability VCID-vcth-rrmy-5qej
68
vulnerability VCID-vh4z-622g-j7d6
69
vulnerability VCID-w2a5-j7ew-mbet
70
vulnerability VCID-w71u-16bg-nke4
71
vulnerability VCID-whty-vwsm-t7gt
72
vulnerability VCID-xftu-6k5q-7ub6
73
vulnerability VCID-xvs7-58y1-3ybj
74
vulnerability VCID-xy7e-q9wh-fkh4
75
vulnerability VCID-y38f-84j9-fygf
76
vulnerability VCID-yp7c-xgj7-s3h2
77
vulnerability VCID-zc53-8p5g-2kcv
78
vulnerability VCID-zkm4-bz55-9bb8
79
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
aliases CVE-2023-33938, GHSA-wvhw-5m89-64gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ffj-jw2k-m3a6
9
url VCID-88u7-stft-ebdh
vulnerability_id VCID-88u7-stft-ebdh
summary HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66969
published_at 2026-06-14T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66862
published_at 2026-06-11T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66955
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
3
reference_url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
4
reference_url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
5
reference_url https://liferay.atlassian.net/browse/LPE-17327
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17327
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
reference_id CVE-2022-28977
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
9
reference_url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id CVE-2022-28977-HTMLUTIL.ESCAPEREDIRECT-CIRCUMVENTION-WITH-MULTIPLE-FORWARD-SLASH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
10
reference_url https://github.com/advisories/GHSA-w397-9p2j-6x23
reference_id GHSA-w397-9p2j-6x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w397-9p2j-6x23
11
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j2r3-g95d-hued
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d9qm-h8q2-sfda
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-g52h-8r1h-dfhe
30
vulnerability VCID-gfwc-qjpr-6fgf
31
vulnerability VCID-gngs-dm98-eqc2
32
vulnerability VCID-hqwn-t5mr-13ab
33
vulnerability VCID-hthn-qn9g-u3dv
34
vulnerability VCID-j2r3-g95d-hued
35
vulnerability VCID-jg5a-j9vb-f7hk
36
vulnerability VCID-jh4y-y7np-9fav
37
vulnerability VCID-k469-ety8-rqby
38
vulnerability VCID-k56t-ry18-zbg4
39
vulnerability VCID-kke1-d8nw-tyhj
40
vulnerability VCID-mmy3-eycu-q7bu
41
vulnerability VCID-p1dw-dttz-x7ee
42
vulnerability VCID-pcat-aa3f-kqeg
43
vulnerability VCID-ph25-5qgg-zfer
44
vulnerability VCID-ph4a-tj1g-ykc8
45
vulnerability VCID-rcmj-djgg-bqf7
46
vulnerability VCID-rjjs-an4q-6qaf
47
vulnerability VCID-ser9-x7zq-dqdv
48
vulnerability VCID-t2ys-d2mh-xygr
49
vulnerability VCID-twb2-9ane-tfdw
50
vulnerability VCID-u5rg-89bb-wbfy
51
vulnerability VCID-u9gz-jcnn-syby
52
vulnerability VCID-ughz-r7ds-6qfu
53
vulnerability VCID-uu4f-gvmj-7key
54
vulnerability VCID-uxjd-h6fd-sbgf
55
vulnerability VCID-vcth-rrmy-5qej
56
vulnerability VCID-vh4z-622g-j7d6
57
vulnerability VCID-w2a5-j7ew-mbet
58
vulnerability VCID-w71u-16bg-nke4
59
vulnerability VCID-whty-vwsm-t7gt
60
vulnerability VCID-xftu-6k5q-7ub6
61
vulnerability VCID-xvs7-58y1-3ybj
62
vulnerability VCID-xy7e-q9wh-fkh4
63
vulnerability VCID-y38f-84j9-fygf
64
vulnerability VCID-yagv-6mp3-v7hf
65
vulnerability VCID-yp7c-xgj7-s3h2
66
vulnerability VCID-zc53-8p5g-2kcv
67
vulnerability VCID-zkm4-bz55-9bb8
68
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2022-28977, GHSA-w397-9p2j-6x23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88u7-stft-ebdh
10
url VCID-9u32-4n1x-77ce
vulnerability_id VCID-9u32-4n1x-77ce
summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
reference_id
reference_type
scores
0
value 0.1765
scoring_system epss
scoring_elements 0.95251
published_at 2026-06-11T12:55:00Z
1
value 0.1765
scoring_system epss
scoring_elements 0.95273
published_at 2026-06-14T12:55:00Z
2
value 0.1765
scoring_system epss
scoring_elements 0.95266
published_at 2026-06-12T12:55:00Z
3
value 0.1765
scoring_system epss
scoring_elements 0.95271
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
3
reference_url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
reference_id cve-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
6
reference_url https://github.com/advisories/GHSA-548x-j6x6-hcv4
reference_id GHSA-548x-j6x6-hcv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-548x-j6x6-hcv4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-99sz-6eag-3kff
15
vulnerability VCID-a62g-s5j4-73fr
16
vulnerability VCID-beqe-x5p8-23b9
17
vulnerability VCID-c2hc-pbr7-2yhz
18
vulnerability VCID-d9qm-h8q2-sfda
19
vulnerability VCID-deaj-uts6-aqb5
20
vulnerability VCID-dztj-3hzz-3bcg
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-ep8t-7k2h-2kdp
23
vulnerability VCID-epds-vwku-cyed
24
vulnerability VCID-evtz-a8xn-e7b6
25
vulnerability VCID-ext6-8u2c-xufv
26
vulnerability VCID-f6z5-3pp9-7qey
27
vulnerability VCID-gfwc-qjpr-6fgf
28
vulnerability VCID-gngs-dm98-eqc2
29
vulnerability VCID-hqwn-t5mr-13ab
30
vulnerability VCID-hthn-qn9g-u3dv
31
vulnerability VCID-j2r3-g95d-hued
32
vulnerability VCID-jg5a-j9vb-f7hk
33
vulnerability VCID-k56t-ry18-zbg4
34
vulnerability VCID-kke1-d8nw-tyhj
35
vulnerability VCID-mmy3-eycu-q7bu
36
vulnerability VCID-p1dw-dttz-x7ee
37
vulnerability VCID-p3dp-ku5j-yke9
38
vulnerability VCID-ph25-5qgg-zfer
39
vulnerability VCID-rcmj-djgg-bqf7
40
vulnerability VCID-rjjs-an4q-6qaf
41
vulnerability VCID-ser9-x7zq-dqdv
42
vulnerability VCID-twb2-9ane-tfdw
43
vulnerability VCID-u5rg-89bb-wbfy
44
vulnerability VCID-u9gz-jcnn-syby
45
vulnerability VCID-vcth-rrmy-5qej
46
vulnerability VCID-vh4z-622g-j7d6
47
vulnerability VCID-w2a5-j7ew-mbet
48
vulnerability VCID-w71u-16bg-nke4
49
vulnerability VCID-whty-vwsm-t7gt
50
vulnerability VCID-xftu-6k5q-7ub6
51
vulnerability VCID-xvs7-58y1-3ybj
52
vulnerability VCID-y38f-84j9-fygf
53
vulnerability VCID-yagv-6mp3-v7hf
54
vulnerability VCID-yp7c-xgj7-s3h2
55
vulnerability VCID-zc53-8p5g-2kcv
56
vulnerability VCID-zkm4-bz55-9bb8
57
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20
aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce
11
url VCID-9v1n-scdh-a3du
vulnerability_id VCID-9v1n-scdh-a3du
summary Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45320
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58797
published_at 2026-06-12T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58801
published_at 2026-06-14T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.58686
published_at 2026-06-11T12:55:00Z
3
value 0.00362
scoring_system epss
scoring_elements 0.58812
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45320
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320
reference_id cve-2022-45320
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:24:47Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45320
reference_id CVE-2022-45320
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45320
5
reference_url https://github.com/advisories/GHSA-mc8m-4r3w-q2hw
reference_id GHSA-mc8m-4r3w-q2hw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mc8m-4r3w-q2hw
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-9u32-4n1x-77ce
15
vulnerability VCID-a62g-s5j4-73fr
16
vulnerability VCID-beqe-x5p8-23b9
17
vulnerability VCID-c2hc-pbr7-2yhz
18
vulnerability VCID-d9qm-h8q2-sfda
19
vulnerability VCID-deaj-uts6-aqb5
20
vulnerability VCID-dztj-3hzz-3bcg
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-ep8t-7k2h-2kdp
23
vulnerability VCID-epds-vwku-cyed
24
vulnerability VCID-evtz-a8xn-e7b6
25
vulnerability VCID-ext6-8u2c-xufv
26
vulnerability VCID-f6z5-3pp9-7qey
27
vulnerability VCID-gfwc-qjpr-6fgf
28
vulnerability VCID-gngs-dm98-eqc2
29
vulnerability VCID-hqwn-t5mr-13ab
30
vulnerability VCID-hthn-qn9g-u3dv
31
vulnerability VCID-j2r3-g95d-hued
32
vulnerability VCID-jg5a-j9vb-f7hk
33
vulnerability VCID-k56t-ry18-zbg4
34
vulnerability VCID-kke1-d8nw-tyhj
35
vulnerability VCID-mmy3-eycu-q7bu
36
vulnerability VCID-p1dw-dttz-x7ee
37
vulnerability VCID-p3dp-ku5j-yke9
38
vulnerability VCID-pcat-aa3f-kqeg
39
vulnerability VCID-ph25-5qgg-zfer
40
vulnerability VCID-rcmj-djgg-bqf7
41
vulnerability VCID-rjjs-an4q-6qaf
42
vulnerability VCID-ser9-x7zq-dqdv
43
vulnerability VCID-twb2-9ane-tfdw
44
vulnerability VCID-u5rg-89bb-wbfy
45
vulnerability VCID-u9gz-jcnn-syby
46
vulnerability VCID-ughz-r7ds-6qfu
47
vulnerability VCID-vcth-rrmy-5qej
48
vulnerability VCID-vh4z-622g-j7d6
49
vulnerability VCID-w2a5-j7ew-mbet
50
vulnerability VCID-w71u-16bg-nke4
51
vulnerability VCID-whty-vwsm-t7gt
52
vulnerability VCID-xftu-6k5q-7ub6
53
vulnerability VCID-xvs7-58y1-3ybj
54
vulnerability VCID-y38f-84j9-fygf
55
vulnerability VCID-yagv-6mp3-v7hf
56
vulnerability VCID-yp7c-xgj7-s3h2
57
vulnerability VCID-zc53-8p5g-2kcv
58
vulnerability VCID-zkm4-bz55-9bb8
59
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
aliases CVE-2022-45320, GHSA-mc8m-4r3w-q2hw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v1n-scdh-a3du
12
url VCID-a62g-s5j4-73fr
vulnerability_id VCID-a62g-s5j4-73fr
summary User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54091
published_at 2026-06-11T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54221
published_at 2026-06-14T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.54216
published_at 2026-06-12T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.54233
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
3
reference_url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
reference_id cve-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
6
reference_url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
reference_id GHSA-qm43-g2xj-hvg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-gngs-dm98-eqc2
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-jg5a-j9vb-f7hk
31
vulnerability VCID-k56t-ry18-zbg4
32
vulnerability VCID-kke1-d8nw-tyhj
33
vulnerability VCID-mmy3-eycu-q7bu
34
vulnerability VCID-p1dw-dttz-x7ee
35
vulnerability VCID-p3dp-ku5j-yke9
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-rcmj-djgg-bqf7
38
vulnerability VCID-rjjs-an4q-6qaf
39
vulnerability VCID-ser9-x7zq-dqdv
40
vulnerability VCID-twb2-9ane-tfdw
41
vulnerability VCID-u5rg-89bb-wbfy
42
vulnerability VCID-u9gz-jcnn-syby
43
vulnerability VCID-vcth-rrmy-5qej
44
vulnerability VCID-vh4z-622g-j7d6
45
vulnerability VCID-w2a5-j7ew-mbet
46
vulnerability VCID-w71u-16bg-nke4
47
vulnerability VCID-whty-vwsm-t7gt
48
vulnerability VCID-xftu-6k5q-7ub6
49
vulnerability VCID-xvs7-58y1-3ybj
50
vulnerability VCID-y38f-84j9-fygf
51
vulnerability VCID-yagv-6mp3-v7hf
52
vulnerability VCID-yp7c-xgj7-s3h2
53
vulnerability VCID-zc53-8p5g-2kcv
54
vulnerability VCID-zkm4-bz55-9bb8
55
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28
aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr
13
url VCID-ank8-p9qa-9udx
vulnerability_id VCID-ank8-p9qa-9udx
summary Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns different responses depending on whether a site does not exist or the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25146
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.60295
published_at 2026-06-11T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.60406
published_at 2026-06-14T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.60413
published_at 2026-06-13T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.60402
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25146
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146
reference_id cve-2024-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25146
reference_id CVE-2024-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25146
4
reference_url https://github.com/advisories/GHSA-mqf8-4cqm-p83x
reference_id GHSA-mqf8-4cqm-p83x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqf8-4cqm-p83x
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-c2hc-pbr7-2yhz
22
vulnerability VCID-cn1e-v8j7-mfhp
23
vulnerability VCID-d3cx-1jmf-cfc4
24
vulnerability VCID-d9qm-h8q2-sfda
25
vulnerability VCID-eb9n-cwf1-fbga
26
vulnerability VCID-ed9v-m3q5-6yaq
27
vulnerability VCID-efzj-vsre-1ygm
28
vulnerability VCID-ep8t-7k2h-2kdp
29
vulnerability VCID-epds-vwku-cyed
30
vulnerability VCID-evtz-a8xn-e7b6
31
vulnerability VCID-ext6-8u2c-xufv
32
vulnerability VCID-f6z5-3pp9-7qey
33
vulnerability VCID-g52h-8r1h-dfhe
34
vulnerability VCID-gfwc-qjpr-6fgf
35
vulnerability VCID-gngs-dm98-eqc2
36
vulnerability VCID-hpqu-qfg1-rygw
37
vulnerability VCID-hqwn-t5mr-13ab
38
vulnerability VCID-hthn-qn9g-u3dv
39
vulnerability VCID-hvhc-kn1w-qkac
40
vulnerability VCID-jg5a-j9vb-f7hk
41
vulnerability VCID-jh4y-y7np-9fav
42
vulnerability VCID-k469-ety8-rqby
43
vulnerability VCID-kke1-d8nw-tyhj
44
vulnerability VCID-mmy3-eycu-q7bu
45
vulnerability VCID-mqut-n4an-x3cs
46
vulnerability VCID-mzzp-psnm-muhm
47
vulnerability VCID-n634-fspx-judk
48
vulnerability VCID-p1dw-dttz-x7ee
49
vulnerability VCID-pcat-aa3f-kqeg
50
vulnerability VCID-ph25-5qgg-zfer
51
vulnerability VCID-ph4a-tj1g-ykc8
52
vulnerability VCID-rcmj-djgg-bqf7
53
vulnerability VCID-rjjs-an4q-6qaf
54
vulnerability VCID-ser9-x7zq-dqdv
55
vulnerability VCID-t2ys-d2mh-xygr
56
vulnerability VCID-tgpb-tps9-wfd5
57
vulnerability VCID-trgc-963v-9ue4
58
vulnerability VCID-twb2-9ane-tfdw
59
vulnerability VCID-u5rg-89bb-wbfy
60
vulnerability VCID-u9gz-jcnn-syby
61
vulnerability VCID-ughz-r7ds-6qfu
62
vulnerability VCID-uu4f-gvmj-7key
63
vulnerability VCID-uxjd-h6fd-sbgf
64
vulnerability VCID-vcth-rrmy-5qej
65
vulnerability VCID-vh4z-622g-j7d6
66
vulnerability VCID-w2a5-j7ew-mbet
67
vulnerability VCID-w71u-16bg-nke4
68
vulnerability VCID-whty-vwsm-t7gt
69
vulnerability VCID-xftu-6k5q-7ub6
70
vulnerability VCID-xvs7-58y1-3ybj
71
vulnerability VCID-xy7e-q9wh-fkh4
72
vulnerability VCID-y38f-84j9-fygf
73
vulnerability VCID-yp7c-xgj7-s3h2
74
vulnerability VCID-zc53-8p5g-2kcv
75
vulnerability VCID-zkm4-bz55-9bb8
76
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
aliases CVE-2024-25146, GHSA-mqf8-4cqm-p83x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ank8-p9qa-9udx
14
url VCID-cn1e-v8j7-mfhp
vulnerability_id VCID-cn1e-v8j7-mfhp
summary Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25604
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25574
published_at 2026-06-12T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25577
published_at 2026-06-14T12:55:00Z
2
value 0.00089
scoring_system epss
scoring_elements 0.25376
published_at 2026-06-11T12:55:00Z
3
value 0.00089
scoring_system epss
scoring_elements 0.25592
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25604
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724
3
reference_url https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604
reference_id cve-2024-25604
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:38:45Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25604
reference_id CVE-2024-25604
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25604
6
reference_url https://github.com/advisories/GHSA-pw7p-3648-qqmg
reference_id GHSA-pw7p-3648-qqmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw7p-3648-qqmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-efzj-vsre-1ygm
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-g52h-8r1h-dfhe
29
vulnerability VCID-gfwc-qjpr-6fgf
30
vulnerability VCID-gngs-dm98-eqc2
31
vulnerability VCID-hqwn-t5mr-13ab
32
vulnerability VCID-hthn-qn9g-u3dv
33
vulnerability VCID-j2r3-g95d-hued
34
vulnerability VCID-jg5a-j9vb-f7hk
35
vulnerability VCID-jh4y-y7np-9fav
36
vulnerability VCID-k56t-ry18-zbg4
37
vulnerability VCID-kke1-d8nw-tyhj
38
vulnerability VCID-mmy3-eycu-q7bu
39
vulnerability VCID-p1dw-dttz-x7ee
40
vulnerability VCID-pcat-aa3f-kqeg
41
vulnerability VCID-ph25-5qgg-zfer
42
vulnerability VCID-ph4a-tj1g-ykc8
43
vulnerability VCID-rcmj-djgg-bqf7
44
vulnerability VCID-rjjs-an4q-6qaf
45
vulnerability VCID-ser9-x7zq-dqdv
46
vulnerability VCID-twb2-9ane-tfdw
47
vulnerability VCID-u5rg-89bb-wbfy
48
vulnerability VCID-u9gz-jcnn-syby
49
vulnerability VCID-ughz-r7ds-6qfu
50
vulnerability VCID-uu4f-gvmj-7key
51
vulnerability VCID-uxjd-h6fd-sbgf
52
vulnerability VCID-vcth-rrmy-5qej
53
vulnerability VCID-vh4z-622g-j7d6
54
vulnerability VCID-w2a5-j7ew-mbet
55
vulnerability VCID-w71u-16bg-nke4
56
vulnerability VCID-whty-vwsm-t7gt
57
vulnerability VCID-xftu-6k5q-7ub6
58
vulnerability VCID-xvs7-58y1-3ybj
59
vulnerability VCID-xy7e-q9wh-fkh4
60
vulnerability VCID-y38f-84j9-fygf
61
vulnerability VCID-yagv-6mp3-v7hf
62
vulnerability VCID-yp7c-xgj7-s3h2
63
vulnerability VCID-zc53-8p5g-2kcv
64
vulnerability VCID-zkm4-bz55-9bb8
65
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
aliases CVE-2024-25604, GHSA-pw7p-3648-qqmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cn1e-v8j7-mfhp
15
url VCID-d3cx-1jmf-cfc4
vulnerability_id VCID-d3cx-1jmf-cfc4
summary The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user-supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to content spoofing or cross-site scripting (XSS) attacks, depending on the capability of the receiver's mail client.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25151
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.6268
published_at 2026-06-11T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62789
published_at 2026-06-14T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.62794
published_at 2026-06-13T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.62782
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25151
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151
reference_id cve-2024-25151
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:59:16Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25151
reference_id CVE-2024-25151
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25151
4
reference_url https://github.com/advisories/GHSA-hgr6-6hhw-883f
reference_id GHSA-hgr6-6hhw-883f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgr6-6hhw-883f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-39dv-ngxr-vbaj
2
vulnerability VCID-3cm9-v7g5-kfcn
3
vulnerability VCID-48hp-m4m8-cqge
4
vulnerability VCID-493t-ab65-pff3
5
vulnerability VCID-4m1t-nd28-43b2
6
vulnerability VCID-55fq-h94e-kuep
7
vulnerability VCID-5rce-t9wm-4ycx
8
vulnerability VCID-5ytw-d875-3yfe
9
vulnerability VCID-69x9-5buz-1yht
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-beqe-x5p8-23b9
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d9qm-h8q2-sfda
25
vulnerability VCID-eb9n-cwf1-fbga
26
vulnerability VCID-efzj-vsre-1ygm
27
vulnerability VCID-ep8t-7k2h-2kdp
28
vulnerability VCID-epds-vwku-cyed
29
vulnerability VCID-evtz-a8xn-e7b6
30
vulnerability VCID-ext6-8u2c-xufv
31
vulnerability VCID-f6z5-3pp9-7qey
32
vulnerability VCID-g52h-8r1h-dfhe
33
vulnerability VCID-gfwc-qjpr-6fgf
34
vulnerability VCID-gngs-dm98-eqc2
35
vulnerability VCID-hpqu-qfg1-rygw
36
vulnerability VCID-hqwn-t5mr-13ab
37
vulnerability VCID-hthn-qn9g-u3dv
38
vulnerability VCID-hvhc-kn1w-qkac
39
vulnerability VCID-jg5a-j9vb-f7hk
40
vulnerability VCID-jh4y-y7np-9fav
41
vulnerability VCID-k469-ety8-rqby
42
vulnerability VCID-kke1-d8nw-tyhj
43
vulnerability VCID-mmy3-eycu-q7bu
44
vulnerability VCID-mqut-n4an-x3cs
45
vulnerability VCID-mzzp-psnm-muhm
46
vulnerability VCID-p1dw-dttz-x7ee
47
vulnerability VCID-pcat-aa3f-kqeg
48
vulnerability VCID-ph25-5qgg-zfer
49
vulnerability VCID-ph4a-tj1g-ykc8
50
vulnerability VCID-rcmj-djgg-bqf7
51
vulnerability VCID-rjjs-an4q-6qaf
52
vulnerability VCID-ser9-x7zq-dqdv
53
vulnerability VCID-t2ys-d2mh-xygr
54
vulnerability VCID-twb2-9ane-tfdw
55
vulnerability VCID-u5rg-89bb-wbfy
56
vulnerability VCID-u9gz-jcnn-syby
57
vulnerability VCID-ughz-r7ds-6qfu
58
vulnerability VCID-uu4f-gvmj-7key
59
vulnerability VCID-uxjd-h6fd-sbgf
60
vulnerability VCID-vcth-rrmy-5qej
61
vulnerability VCID-vh4z-622g-j7d6
62
vulnerability VCID-w2a5-j7ew-mbet
63
vulnerability VCID-w71u-16bg-nke4
64
vulnerability VCID-whty-vwsm-t7gt
65
vulnerability VCID-xftu-6k5q-7ub6
66
vulnerability VCID-xvs7-58y1-3ybj
67
vulnerability VCID-xy7e-q9wh-fkh4
68
vulnerability VCID-y38f-84j9-fygf
69
vulnerability VCID-yp7c-xgj7-s3h2
70
vulnerability VCID-zc53-8p5g-2kcv
71
vulnerability VCID-zkm4-bz55-9bb8
72
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
aliases CVE-2024-25151, GHSA-hgr6-6hhw-883f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3cx-1jmf-cfc4
16
url VCID-ed9v-m3q5-6yaq
vulnerability_id VCID-ed9v-m3q5-6yaq
summary Stored cross-site scripting (XSS) vulnerability in the Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25602
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64421
published_at 2026-06-11T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.64531
published_at 2026-06-14T12:55:00Z
2
value 0.00458
scoring_system epss
scoring_elements 0.64523
published_at 2026-06-12T12:55:00Z
3
value 0.00458
scoring_system epss
scoring_elements 0.64536
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25602
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602
reference_id cve-2024-25602
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:23:34Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25602
reference_id CVE-2024-25602
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25602
4
reference_url https://github.com/advisories/GHSA-v2xq-m22w-jmpr
reference_id GHSA-v2xq-m22w-jmpr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2xq-m22w-jmpr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5ytw-d875-3yfe
7
vulnerability VCID-69x9-5buz-1yht
8
vulnerability VCID-6f8z-s1fz-57b2
9
vulnerability VCID-6jsv-kw7h-9yeu
10
vulnerability VCID-6jw2-chce-suhn
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-7tdg-swnf-53cb
15
vulnerability VCID-88u7-stft-ebdh
16
vulnerability VCID-9u32-4n1x-77ce
17
vulnerability VCID-9v1n-scdh-a3du
18
vulnerability VCID-a62g-s5j4-73fr
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d3cx-1jmf-cfc4
22
vulnerability VCID-d9qm-h8q2-sfda
23
vulnerability VCID-eb9n-cwf1-fbga
24
vulnerability VCID-efzj-vsre-1ygm
25
vulnerability VCID-ep8t-7k2h-2kdp
26
vulnerability VCID-epds-vwku-cyed
27
vulnerability VCID-evtz-a8xn-e7b6
28
vulnerability VCID-ext6-8u2c-xufv
29
vulnerability VCID-f6z5-3pp9-7qey
30
vulnerability VCID-g52h-8r1h-dfhe
31
vulnerability VCID-gfwc-qjpr-6fgf
32
vulnerability VCID-gngs-dm98-eqc2
33
vulnerability VCID-hpqu-qfg1-rygw
34
vulnerability VCID-hqwn-t5mr-13ab
35
vulnerability VCID-hthn-qn9g-u3dv
36
vulnerability VCID-hvhc-kn1w-qkac
37
vulnerability VCID-jg5a-j9vb-f7hk
38
vulnerability VCID-jh4y-y7np-9fav
39
vulnerability VCID-k469-ety8-rqby
40
vulnerability VCID-kke1-d8nw-tyhj
41
vulnerability VCID-mmy3-eycu-q7bu
42
vulnerability VCID-mqut-n4an-x3cs
43
vulnerability VCID-mzzp-psnm-muhm
44
vulnerability VCID-p1dw-dttz-x7ee
45
vulnerability VCID-pcat-aa3f-kqeg
46
vulnerability VCID-ph25-5qgg-zfer
47
vulnerability VCID-ph4a-tj1g-ykc8
48
vulnerability VCID-rcmj-djgg-bqf7
49
vulnerability VCID-rjjs-an4q-6qaf
50
vulnerability VCID-ser9-x7zq-dqdv
51
vulnerability VCID-t2ys-d2mh-xygr
52
vulnerability VCID-trgc-963v-9ue4
53
vulnerability VCID-twb2-9ane-tfdw
54
vulnerability VCID-u5rg-89bb-wbfy
55
vulnerability VCID-u9gz-jcnn-syby
56
vulnerability VCID-ughz-r7ds-6qfu
57
vulnerability VCID-uu4f-gvmj-7key
58
vulnerability VCID-uxjd-h6fd-sbgf
59
vulnerability VCID-vcth-rrmy-5qej
60
vulnerability VCID-vh4z-622g-j7d6
61
vulnerability VCID-w2a5-j7ew-mbet
62
vulnerability VCID-w71u-16bg-nke4
63
vulnerability VCID-whty-vwsm-t7gt
64
vulnerability VCID-xftu-6k5q-7ub6
65
vulnerability VCID-xvs7-58y1-3ybj
66
vulnerability VCID-xy7e-q9wh-fkh4
67
vulnerability VCID-y38f-84j9-fygf
68
vulnerability VCID-yp7c-xgj7-s3h2
69
vulnerability VCID-zc53-8p5g-2kcv
70
vulnerability VCID-zkm4-bz55-9bb8
71
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
aliases CVE-2024-25602, GHSA-v2xq-m22w-jmpr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed9v-m3q5-6yaq
17
url VCID-efzj-vsre-1ygm
vulnerability_id VCID-efzj-vsre-1ygm
summary The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26265
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.72311
published_at 2026-06-13T12:55:00Z
1
value 0.00688
scoring_system epss
scoring_elements 0.72305
published_at 2026-06-14T12:55:00Z
2
value 0.00688
scoring_system epss
scoring_elements 0.72215
published_at 2026-06-11T12:55:00Z
3
value 0.00688
scoring_system epss
scoring_elements 0.72298
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265
reference_id cve-2024-26265
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:41:28Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26265
reference_id CVE-2024-26265
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26265
4
reference_url https://github.com/advisories/GHSA-29xx-fhff-36m7
reference_id GHSA-29xx-fhff-36m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29xx-fhff-36m7
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-9u32-4n1x-77ce
15
vulnerability VCID-a62g-s5j4-73fr
16
vulnerability VCID-beqe-x5p8-23b9
17
vulnerability VCID-c2hc-pbr7-2yhz
18
vulnerability VCID-d9qm-h8q2-sfda
19
vulnerability VCID-deaj-uts6-aqb5
20
vulnerability VCID-dztj-3hzz-3bcg
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-ep8t-7k2h-2kdp
23
vulnerability VCID-epds-vwku-cyed
24
vulnerability VCID-evtz-a8xn-e7b6
25
vulnerability VCID-ext6-8u2c-xufv
26
vulnerability VCID-f6z5-3pp9-7qey
27
vulnerability VCID-gfwc-qjpr-6fgf
28
vulnerability VCID-gngs-dm98-eqc2
29
vulnerability VCID-hqwn-t5mr-13ab
30
vulnerability VCID-hthn-qn9g-u3dv
31
vulnerability VCID-j2r3-g95d-hued
32
vulnerability VCID-jg5a-j9vb-f7hk
33
vulnerability VCID-k56t-ry18-zbg4
34
vulnerability VCID-kke1-d8nw-tyhj
35
vulnerability VCID-mmy3-eycu-q7bu
36
vulnerability VCID-p1dw-dttz-x7ee
37
vulnerability VCID-p3dp-ku5j-yke9
38
vulnerability VCID-pcat-aa3f-kqeg
39
vulnerability VCID-ph25-5qgg-zfer
40
vulnerability VCID-rcmj-djgg-bqf7
41
vulnerability VCID-rjjs-an4q-6qaf
42
vulnerability VCID-ser9-x7zq-dqdv
43
vulnerability VCID-twb2-9ane-tfdw
44
vulnerability VCID-u5rg-89bb-wbfy
45
vulnerability VCID-u9gz-jcnn-syby
46
vulnerability VCID-ughz-r7ds-6qfu
47
vulnerability VCID-vcth-rrmy-5qej
48
vulnerability VCID-vh4z-622g-j7d6
49
vulnerability VCID-w2a5-j7ew-mbet
50
vulnerability VCID-w71u-16bg-nke4
51
vulnerability VCID-whty-vwsm-t7gt
52
vulnerability VCID-xftu-6k5q-7ub6
53
vulnerability VCID-xvs7-58y1-3ybj
54
vulnerability VCID-y38f-84j9-fygf
55
vulnerability VCID-yagv-6mp3-v7hf
56
vulnerability VCID-yp7c-xgj7-s3h2
57
vulnerability VCID-zc53-8p5g-2kcv
58
vulnerability VCID-zkm4-bz55-9bb8
59
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16
aliases CVE-2024-26265, GHSA-29xx-fhff-36m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efzj-vsre-1ygm
18
url VCID-epds-vwku-cyed
vulnerability_id VCID-epds-vwku-cyed
summary A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36505
published_at 2026-06-13T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36493
published_at 2026-06-14T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36299
published_at 2026-06-11T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.3648
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
reference_id CVE-2025-3760
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
4
reference_url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
reference_id GHSA-qhp6-vp7c-g7xp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-f6z5-3pp9-7qey
8
vulnerability VCID-jpgh-rqqn-x7ge
9
vulnerability VCID-kke1-d8nw-tyhj
10
vulnerability VCID-mmy3-eycu-q7bu
11
vulnerability VCID-ph25-5qgg-zfer
12
vulnerability VCID-rcmj-djgg-bqf7
13
vulnerability VCID-vcth-rrmy-5qej
14
vulnerability VCID-w2a5-j7ew-mbet
15
vulnerability VCID-xftu-6k5q-7ub6
16
vulnerability VCID-xvs7-58y1-3ybj
17
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
aliases CVE-2025-3760, GHSA-qhp6-vp7c-g7xp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed
19
url VCID-evtz-a8xn-e7b6
vulnerability_id VCID-evtz-a8xn-e7b6
summary Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26273
reference_id
reference_type
scores
0
value 0.02193
scoring_system epss
scoring_elements 0.8481
published_at 2026-06-12T12:55:00Z
1
value 0.02193
scoring_system epss
scoring_elements 0.84811
published_at 2026-06-14T12:55:00Z
2
value 0.02193
scoring_system epss
scoring_elements 0.84758
published_at 2026-06-11T12:55:00Z
3
value 0.02193
scoring_system epss
scoring_elements 0.84819
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26273
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26273
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26273
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26273
reference_id CVE-2024-26273
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:18:21Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26273
4
reference_url https://github.com/advisories/GHSA-hmrx-6pr5-hpwj
reference_id GHSA-hmrx-6pr5-hpwj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmrx-6pr5-hpwj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d9qm-h8q2-sfda
14
vulnerability VCID-dztj-3hzz-3bcg
15
vulnerability VCID-eb9n-cwf1-fbga
16
vulnerability VCID-ep8t-7k2h-2kdp
17
vulnerability VCID-epds-vwku-cyed
18
vulnerability VCID-f6z5-3pp9-7qey
19
vulnerability VCID-gfwc-qjpr-6fgf
20
vulnerability VCID-hthn-qn9g-u3dv
21
vulnerability VCID-j2r3-g95d-hued
22
vulnerability VCID-k7dn-nb9d-ckdk
23
vulnerability VCID-kke1-d8nw-tyhj
24
vulnerability VCID-mmy3-eycu-q7bu
25
vulnerability VCID-p1dw-dttz-x7ee
26
vulnerability VCID-p3dp-ku5j-yke9
27
vulnerability VCID-ph25-5qgg-zfer
28
vulnerability VCID-qxsh-hm7q-5ban
29
vulnerability VCID-rcmj-djgg-bqf7
30
vulnerability VCID-tgj6-8vhq-23ae
31
vulnerability VCID-tkws-gscx-pff6
32
vulnerability VCID-twb2-9ane-tfdw
33
vulnerability VCID-u5rg-89bb-wbfy
34
vulnerability VCID-u9gz-jcnn-syby
35
vulnerability VCID-vcth-rrmy-5qej
36
vulnerability VCID-w2a5-j7ew-mbet
37
vulnerability VCID-w71u-16bg-nke4
38
vulnerability VCID-whty-vwsm-t7gt
39
vulnerability VCID-xftu-6k5q-7ub6
40
vulnerability VCID-xvs7-58y1-3ybj
41
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
aliases CVE-2024-26273, GHSA-hmrx-6pr5-hpwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evtz-a8xn-e7b6
20
url VCID-g52h-8r1h-dfhe
vulnerability_id VCID-g52h-8r1h-dfhe
summary Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35883
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35874
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
reference_id cve-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
4
reference_url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
reference_id GHSA-9vgq-w5pv-v77q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-deaj-uts6-aqb5
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-gfwc-qjpr-6fgf
30
vulnerability VCID-gngs-dm98-eqc2
31
vulnerability VCID-hqwn-t5mr-13ab
32
vulnerability VCID-hthn-qn9g-u3dv
33
vulnerability VCID-j2r3-g95d-hued
34
vulnerability VCID-jg5a-j9vb-f7hk
35
vulnerability VCID-jh4y-y7np-9fav
36
vulnerability VCID-k56t-ry18-zbg4
37
vulnerability VCID-kke1-d8nw-tyhj
38
vulnerability VCID-mmy3-eycu-q7bu
39
vulnerability VCID-p1dw-dttz-x7ee
40
vulnerability VCID-p3dp-ku5j-yke9
41
vulnerability VCID-pcat-aa3f-kqeg
42
vulnerability VCID-ph25-5qgg-zfer
43
vulnerability VCID-ph4a-tj1g-ykc8
44
vulnerability VCID-rcmj-djgg-bqf7
45
vulnerability VCID-rjjs-an4q-6qaf
46
vulnerability VCID-ser9-x7zq-dqdv
47
vulnerability VCID-twb2-9ane-tfdw
48
vulnerability VCID-u5rg-89bb-wbfy
49
vulnerability VCID-u9gz-jcnn-syby
50
vulnerability VCID-ughz-r7ds-6qfu
51
vulnerability VCID-uu4f-gvmj-7key
52
vulnerability VCID-uxjd-h6fd-sbgf
53
vulnerability VCID-vcth-rrmy-5qej
54
vulnerability VCID-vh4z-622g-j7d6
55
vulnerability VCID-w2a5-j7ew-mbet
56
vulnerability VCID-w71u-16bg-nke4
57
vulnerability VCID-whty-vwsm-t7gt
58
vulnerability VCID-xftu-6k5q-7ub6
59
vulnerability VCID-xvs7-58y1-3ybj
60
vulnerability VCID-y38f-84j9-fygf
61
vulnerability VCID-yagv-6mp3-v7hf
62
vulnerability VCID-yp7c-xgj7-s3h2
63
vulnerability VCID-zc53-8p5g-2kcv
64
vulnerability VCID-zkm4-bz55-9bb8
65
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12
aliases CVE-2024-25145, GHSA-9vgq-w5pv-v77q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g52h-8r1h-dfhe
21
url VCID-gngs-dm98-eqc2
vulnerability_id VCID-gngs-dm98-eqc2
summary Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-11993
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38976
published_at 2026-06-12T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.3899
published_at 2026-06-14T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38999
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-11993
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11993
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11993
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
reference_id CVE-2024-11993
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
4
reference_url https://github.com/advisories/GHSA-4hxr-28mv-q729
reference_id GHSA-4hxr-28mv-q729
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hxr-28mv-q729
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-hqwn-t5mr-13ab
27
vulnerability VCID-hthn-qn9g-u3dv
28
vulnerability VCID-j2r3-g95d-hued
29
vulnerability VCID-k56t-ry18-zbg4
30
vulnerability VCID-kke1-d8nw-tyhj
31
vulnerability VCID-mmy3-eycu-q7bu
32
vulnerability VCID-p1dw-dttz-x7ee
33
vulnerability VCID-p3dp-ku5j-yke9
34
vulnerability VCID-ph25-5qgg-zfer
35
vulnerability VCID-rcmj-djgg-bqf7
36
vulnerability VCID-ser9-x7zq-dqdv
37
vulnerability VCID-tkws-gscx-pff6
38
vulnerability VCID-twb2-9ane-tfdw
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zc53-8p5g-2kcv
49
vulnerability VCID-zkm4-bz55-9bb8
50
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39
aliases CVE-2024-11993, GHSA-4hxr-28mv-q729
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gngs-dm98-eqc2
22
url VCID-hpqu-qfg1-rygw
vulnerability_id VCID-hpqu-qfg1-rygw
summary The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42130
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.5587
published_at 2026-06-11T12:55:00Z
1
value 0.00324
scoring_system epss
scoring_elements 0.55993
published_at 2026-06-14T12:55:00Z
2
value 0.00324
scoring_system epss
scoring_elements 0.55991
published_at 2026-06-12T12:55:00Z
3
value 0.00324
scoring_system epss
scoring_elements 0.56006
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42130
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130
reference_id cve-2022-42130
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42130
reference_id CVE-2022-42130
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42130
3
reference_url https://github.com/advisories/GHSA-mxvq-cv4x-p3jw
reference_id GHSA-mxvq-cv4x-p3jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxvq-cv4x-p3jw
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17447
reference_id LPE-17447
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/
url https://issues.liferay.com/browse/LPE-17447
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2022-42130, GHSA-mxvq-cv4x-p3jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqu-qfg1-rygw
23
url VCID-hthn-qn9g-u3dv
vulnerability_id VCID-hthn-qn9g-u3dv
summary A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the google_gadget.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43735
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43428
published_at 2026-06-14T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43261
published_at 2026-06-11T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43437
published_at 2026-06-13T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.43418
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43735
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb
3
reference_url https://liferay.atlassian.net/browse/LPE-18158
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18158
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43735
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43735
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735
reference_id CVE-2025-43735
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-12T13:31:05Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735
6
reference_url https://github.com/advisories/GHSA-222w-xmc5-jhp3
reference_id GHSA-222w-xmc5-jhp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-222w-xmc5-jhp3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
aliases CVE-2025-43735, GHSA-222w-xmc5-jhp3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hthn-qn9g-u3dv
24
url VCID-hvhc-kn1w-qkac
vulnerability_id VCID-hvhc-kn1w-qkac
summary An insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42129
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40848
published_at 2026-06-11T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.41024
published_at 2026-06-14T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.41015
published_at 2026-06-12T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41036
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42129
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
reference_id cve-2022-42129
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42129
reference_id CVE-2022-42129
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42129
3
reference_url https://github.com/advisories/GHSA-g6x4-57hp-j4xm
reference_id GHSA-g6x4-57hp-j4xm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6x4-57hp-j4xm
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17448
reference_id LPE-17448
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/
url https://issues.liferay.com/browse/LPE-17448
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2022-42129, GHSA-g6x4-57hp-j4xm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvhc-kn1w-qkac
25
url VCID-jg5a-j9vb-f7hk
vulnerability_id VCID-jg5a-j9vb-f7hk
summary The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39975
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36555
published_at 2026-06-14T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36361
published_at 2026-06-11T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36542
published_at 2026-06-12T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36566
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39975
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975
reference_id cve-2022-39975
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:55:52Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39975
reference_id CVE-2022-39975
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39975
4
reference_url https://github.com/advisories/GHSA-83qx-288m-72w4
reference_id GHSA-83qx-288m-72w4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83qx-288m-72w4
5
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:55:52Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35
aliases CVE-2022-39975, GHSA-83qx-288m-72w4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jg5a-j9vb-f7hk
26
url VCID-jh4y-y7np-9fav
vulnerability_id VCID-jh4y-y7np-9fav
summary Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26266
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35883
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35874
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266
reference_id cve-2024-26266
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:43:41Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26266
reference_id CVE-2024-26266
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26266
4
reference_url https://github.com/advisories/GHSA-rwxc-4cmw-7x75
reference_id GHSA-rwxc-4cmw-7x75
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwxc-4cmw-7x75
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
aliases CVE-2024-26266, GHSA-rwxc-4cmw-7x75
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4y-y7np-9fav
27
url VCID-k469-ety8-rqby
vulnerability_id VCID-k469-ety8-rqby
summary The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40276
published_at 2026-06-11T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40456
published_at 2026-06-14T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40444
published_at 2026-06-12T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40467
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
3
reference_url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
reference_id cve-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
6
reference_url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
reference_id GHSA-mf8h-grfg-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
aliases CVE-2024-25605, GHSA-mf8h-grfg-j9j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k469-ety8-rqby
28
url VCID-kke1-d8nw-tyhj
vulnerability_id VCID-kke1-d8nw-tyhj
summary Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3639
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13877
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13763
published_at 2026-06-11T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13879
published_at 2026-06-12T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25289
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3639
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
3
reference_url https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
4
reference_url https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
5
reference_url https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
6
reference_url https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
7
reference_url https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
8
reference_url https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
9
reference_url https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
10
reference_url https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
11
reference_url https://liferay.atlassian.net/browse/LPE-18212
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18212
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3639
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3639
13
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
reference_id CVE-2025-3639
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T19:51:41Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
14
reference_url https://github.com/advisories/GHSA-g4wg-mpfg-x2q6
reference_id GHSA-g4wg-mpfg-x2q6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4wg-mpfg-x2q6
fixed_packages
aliases CVE-2025-3639, GHSA-g4wg-mpfg-x2q6
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kke1-d8nw-tyhj
29
url VCID-mmy3-eycu-q7bu
vulnerability_id VCID-mmy3-eycu-q7bu
summary A stored cross-site scripting vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript through a Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43776
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14036
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1401
published_at 2026-06-14T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14039
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43776
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.atlassian.net/browse/LPE-18277
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18277
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43776
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43776
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776
reference_id CVE-2025-43776
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T15:04:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776
5
reference_url https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
reference_id GHSA-rcc7-jx7p-hrv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
fixed_packages
aliases CVE-2025-43776, GHSA-rcc7-jx7p-hrv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmy3-eycu-q7bu
30
url VCID-mqut-n4an-x3cs
vulnerability_id VCID-mqut-n4an-x3cs
summary Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38669
published_at 2026-06-13T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38659
published_at 2026-06-14T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38474
published_at 2026-06-11T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38647
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
3
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
4
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
5
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
6
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
7
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id cve-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
10
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4585-28v2-8h46
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j2r3-g95d-hued
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d9qm-h8q2-sfda
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-g52h-8r1h-dfhe
30
vulnerability VCID-gfwc-qjpr-6fgf
31
vulnerability VCID-gngs-dm98-eqc2
32
vulnerability VCID-hqwn-t5mr-13ab
33
vulnerability VCID-hthn-qn9g-u3dv
34
vulnerability VCID-j2r3-g95d-hued
35
vulnerability VCID-jg5a-j9vb-f7hk
36
vulnerability VCID-jh4y-y7np-9fav
37
vulnerability VCID-k469-ety8-rqby
38
vulnerability VCID-k56t-ry18-zbg4
39
vulnerability VCID-kke1-d8nw-tyhj
40
vulnerability VCID-mmy3-eycu-q7bu
41
vulnerability VCID-p1dw-dttz-x7ee
42
vulnerability VCID-pcat-aa3f-kqeg
43
vulnerability VCID-ph25-5qgg-zfer
44
vulnerability VCID-ph4a-tj1g-ykc8
45
vulnerability VCID-rcmj-djgg-bqf7
46
vulnerability VCID-rjjs-an4q-6qaf
47
vulnerability VCID-ser9-x7zq-dqdv
48
vulnerability VCID-t2ys-d2mh-xygr
49
vulnerability VCID-twb2-9ane-tfdw
50
vulnerability VCID-u5rg-89bb-wbfy
51
vulnerability VCID-u9gz-jcnn-syby
52
vulnerability VCID-ughz-r7ds-6qfu
53
vulnerability VCID-uu4f-gvmj-7key
54
vulnerability VCID-uxjd-h6fd-sbgf
55
vulnerability VCID-vcth-rrmy-5qej
56
vulnerability VCID-vh4z-622g-j7d6
57
vulnerability VCID-w2a5-j7ew-mbet
58
vulnerability VCID-w71u-16bg-nke4
59
vulnerability VCID-whty-vwsm-t7gt
60
vulnerability VCID-xftu-6k5q-7ub6
61
vulnerability VCID-xvs7-58y1-3ybj
62
vulnerability VCID-xy7e-q9wh-fkh4
63
vulnerability VCID-y38f-84j9-fygf
64
vulnerability VCID-yagv-6mp3-v7hf
65
vulnerability VCID-yp7c-xgj7-s3h2
66
vulnerability VCID-zc53-8p5g-2kcv
67
vulnerability VCID-zkm4-bz55-9bb8
68
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2024-25150, GHSA-4585-28v2-8h46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqut-n4an-x3cs
31
url VCID-mzzp-psnm-muhm
vulnerability_id VCID-mzzp-psnm-muhm
summary ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42124
reference_id
reference_type
scores
0
value 0.01185
scoring_system epss
scoring_elements 0.79273
published_at 2026-06-14T12:55:00Z
1
value 0.01185
scoring_system epss
scoring_elements 0.79199
published_at 2026-06-11T12:55:00Z
2
value 0.01185
scoring_system epss
scoring_elements 0.79264
published_at 2026-06-12T12:55:00Z
3
value 0.01185
scoring_system epss
scoring_elements 0.79277
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42124
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124
reference_id cve-2022-42124
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42124
reference_id CVE-2022-42124
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42124
3
reference_url https://github.com/advisories/GHSA-vjj4-qwcm-552h
reference_id GHSA-vjj4-qwcm-552h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjj4-qwcm-552h
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17435
reference_id LPE-17435
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/
url https://issues.liferay.com/browse/LPE-17435
6
reference_url https://issues.liferay.com/browse/LPE-17535
reference_id LPE-17535
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/
url https://issues.liferay.com/browse/LPE-17535
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d9qm-h8q2-sfda
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-g52h-8r1h-dfhe
30
vulnerability VCID-gfwc-qjpr-6fgf
31
vulnerability VCID-gngs-dm98-eqc2
32
vulnerability VCID-hqwn-t5mr-13ab
33
vulnerability VCID-hthn-qn9g-u3dv
34
vulnerability VCID-j2r3-g95d-hued
35
vulnerability VCID-jg5a-j9vb-f7hk
36
vulnerability VCID-jh4y-y7np-9fav
37
vulnerability VCID-k469-ety8-rqby
38
vulnerability VCID-k56t-ry18-zbg4
39
vulnerability VCID-kke1-d8nw-tyhj
40
vulnerability VCID-mmy3-eycu-q7bu
41
vulnerability VCID-p1dw-dttz-x7ee
42
vulnerability VCID-pcat-aa3f-kqeg
43
vulnerability VCID-ph25-5qgg-zfer
44
vulnerability VCID-ph4a-tj1g-ykc8
45
vulnerability VCID-rcmj-djgg-bqf7
46
vulnerability VCID-rjjs-an4q-6qaf
47
vulnerability VCID-ser9-x7zq-dqdv
48
vulnerability VCID-t2ys-d2mh-xygr
49
vulnerability VCID-twb2-9ane-tfdw
50
vulnerability VCID-u5rg-89bb-wbfy
51
vulnerability VCID-u9gz-jcnn-syby
52
vulnerability VCID-ughz-r7ds-6qfu
53
vulnerability VCID-uu4f-gvmj-7key
54
vulnerability VCID-uxjd-h6fd-sbgf
55
vulnerability VCID-vcth-rrmy-5qej
56
vulnerability VCID-vh4z-622g-j7d6
57
vulnerability VCID-w2a5-j7ew-mbet
58
vulnerability VCID-w71u-16bg-nke4
59
vulnerability VCID-whty-vwsm-t7gt
60
vulnerability VCID-xftu-6k5q-7ub6
61
vulnerability VCID-xvs7-58y1-3ybj
62
vulnerability VCID-xy7e-q9wh-fkh4
63
vulnerability VCID-y38f-84j9-fygf
64
vulnerability VCID-yagv-6mp3-v7hf
65
vulnerability VCID-yp7c-xgj7-s3h2
66
vulnerability VCID-zc53-8p5g-2kcv
67
vulnerability VCID-zkm4-bz55-9bb8
68
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5
aliases CVE-2022-42124, GHSA-vjj4-qwcm-552h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mzzp-psnm-muhm
32
url VCID-n634-fspx-judk
vulnerability_id VCID-n634-fspx-judk
summary Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not members of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49567
published_at 2026-06-11T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.4971
published_at 2026-06-14T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49722
published_at 2026-06-13T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49703
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
reference_id cve-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
5
reference_url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
reference_id GHSA-qpgh-6v9w-vfv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5ytw-d875-3yfe
7
vulnerability VCID-69x9-5buz-1yht
8
vulnerability VCID-6f8z-s1fz-57b2
9
vulnerability VCID-6jsv-kw7h-9yeu
10
vulnerability VCID-6jw2-chce-suhn
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-7tdg-swnf-53cb
15
vulnerability VCID-88u7-stft-ebdh
16
vulnerability VCID-9u32-4n1x-77ce
17
vulnerability VCID-9v1n-scdh-a3du
18
vulnerability VCID-a62g-s5j4-73fr
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d3cx-1jmf-cfc4
22
vulnerability VCID-d9qm-h8q2-sfda
23
vulnerability VCID-eb9n-cwf1-fbga
24
vulnerability VCID-efzj-vsre-1ygm
25
vulnerability VCID-ep8t-7k2h-2kdp
26
vulnerability VCID-epds-vwku-cyed
27
vulnerability VCID-evtz-a8xn-e7b6
28
vulnerability VCID-ext6-8u2c-xufv
29
vulnerability VCID-f6z5-3pp9-7qey
30
vulnerability VCID-g52h-8r1h-dfhe
31
vulnerability VCID-gfwc-qjpr-6fgf
32
vulnerability VCID-gngs-dm98-eqc2
33
vulnerability VCID-hpqu-qfg1-rygw
34
vulnerability VCID-hqwn-t5mr-13ab
35
vulnerability VCID-hthn-qn9g-u3dv
36
vulnerability VCID-hvhc-kn1w-qkac
37
vulnerability VCID-jg5a-j9vb-f7hk
38
vulnerability VCID-jh4y-y7np-9fav
39
vulnerability VCID-k469-ety8-rqby
40
vulnerability VCID-kke1-d8nw-tyhj
41
vulnerability VCID-mmy3-eycu-q7bu
42
vulnerability VCID-mqut-n4an-x3cs
43
vulnerability VCID-mzzp-psnm-muhm
44
vulnerability VCID-p1dw-dttz-x7ee
45
vulnerability VCID-pcat-aa3f-kqeg
46
vulnerability VCID-ph25-5qgg-zfer
47
vulnerability VCID-ph4a-tj1g-ykc8
48
vulnerability VCID-rcmj-djgg-bqf7
49
vulnerability VCID-rjjs-an4q-6qaf
50
vulnerability VCID-ser9-x7zq-dqdv
51
vulnerability VCID-t2ys-d2mh-xygr
52
vulnerability VCID-trgc-963v-9ue4
53
vulnerability VCID-twb2-9ane-tfdw
54
vulnerability VCID-u5rg-89bb-wbfy
55
vulnerability VCID-u9gz-jcnn-syby
56
vulnerability VCID-ughz-r7ds-6qfu
57
vulnerability VCID-uu4f-gvmj-7key
58
vulnerability VCID-uxjd-h6fd-sbgf
59
vulnerability VCID-vcth-rrmy-5qej
60
vulnerability VCID-vh4z-622g-j7d6
61
vulnerability VCID-w2a5-j7ew-mbet
62
vulnerability VCID-w71u-16bg-nke4
63
vulnerability VCID-whty-vwsm-t7gt
64
vulnerability VCID-xftu-6k5q-7ub6
65
vulnerability VCID-xvs7-58y1-3ybj
66
vulnerability VCID-xy7e-q9wh-fkh4
67
vulnerability VCID-y38f-84j9-fygf
68
vulnerability VCID-yp7c-xgj7-s3h2
69
vulnerability VCID-zc53-8p5g-2kcv
70
vulnerability VCID-zkm4-bz55-9bb8
71
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
aliases CVE-2024-25149, GHSA-qpgh-6v9w-vfv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n634-fspx-judk
33
url VCID-n65a-ycxy-pqgz
vulnerability_id VCID-n65a-ycxy-pqgz
summary Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35463
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35378
published_at 2026-06-12T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35201
published_at 2026-06-11T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35382
published_at 2026-06-14T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35402
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35463
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/751a70e0ed7b380ea2ab510ff79ddb33ed87dd9b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/751a70e0ed7b380ea2ab510ff79ddb33ed87dd9b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-35463-reflected-xss-with-keywords-in-search?p_r_p_assetEntryId=121611661&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611661%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-35463-reflected-xss-with-keywords-in-search?p_r_p_assetEntryId=121611661&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611661%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-35463
reference_id CVE-2021-35463
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-35463
5
reference_url https://github.com/advisories/GHSA-9h7f-5hc8-cj5f
reference_id GHSA-9h7f-5hc8-cj5f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9h7f-5hc8-cj5f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-ank8-p9qa-9udx
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d3cx-1jmf-cfc4
25
vulnerability VCID-d9qm-h8q2-sfda
26
vulnerability VCID-eb9n-cwf1-fbga
27
vulnerability VCID-ed9v-m3q5-6yaq
28
vulnerability VCID-efzj-vsre-1ygm
29
vulnerability VCID-ep8t-7k2h-2kdp
30
vulnerability VCID-epds-vwku-cyed
31
vulnerability VCID-evtz-a8xn-e7b6
32
vulnerability VCID-ext6-8u2c-xufv
33
vulnerability VCID-f6z5-3pp9-7qey
34
vulnerability VCID-g52h-8r1h-dfhe
35
vulnerability VCID-gfwc-qjpr-6fgf
36
vulnerability VCID-gngs-dm98-eqc2
37
vulnerability VCID-hpqu-qfg1-rygw
38
vulnerability VCID-hqwn-t5mr-13ab
39
vulnerability VCID-hthn-qn9g-u3dv
40
vulnerability VCID-hvhc-kn1w-qkac
41
vulnerability VCID-jg5a-j9vb-f7hk
42
vulnerability VCID-jh4y-y7np-9fav
43
vulnerability VCID-k469-ety8-rqby
44
vulnerability VCID-kke1-d8nw-tyhj
45
vulnerability VCID-mmy3-eycu-q7bu
46
vulnerability VCID-mqut-n4an-x3cs
47
vulnerability VCID-mzzp-psnm-muhm
48
vulnerability VCID-n634-fspx-judk
49
vulnerability VCID-p1dw-dttz-x7ee
50
vulnerability VCID-pcat-aa3f-kqeg
51
vulnerability VCID-ph25-5qgg-zfer
52
vulnerability VCID-ph4a-tj1g-ykc8
53
vulnerability VCID-qztv-899y-sbb8
54
vulnerability VCID-rcmj-djgg-bqf7
55
vulnerability VCID-rjjs-an4q-6qaf
56
vulnerability VCID-ser9-x7zq-dqdv
57
vulnerability VCID-t2ys-d2mh-xygr
58
vulnerability VCID-tgpb-tps9-wfd5
59
vulnerability VCID-trgc-963v-9ue4
60
vulnerability VCID-twb2-9ane-tfdw
61
vulnerability VCID-u5rg-89bb-wbfy
62
vulnerability VCID-u9gz-jcnn-syby
63
vulnerability VCID-ughz-r7ds-6qfu
64
vulnerability VCID-umd8-9ypn-zkdk
65
vulnerability VCID-uu4f-gvmj-7key
66
vulnerability VCID-uxjd-h6fd-sbgf
67
vulnerability VCID-vcth-rrmy-5qej
68
vulnerability VCID-vh4z-622g-j7d6
69
vulnerability VCID-w2a5-j7ew-mbet
70
vulnerability VCID-w71u-16bg-nke4
71
vulnerability VCID-whty-vwsm-t7gt
72
vulnerability VCID-xftu-6k5q-7ub6
73
vulnerability VCID-xvs7-58y1-3ybj
74
vulnerability VCID-xy7e-q9wh-fkh4
75
vulnerability VCID-y38f-84j9-fygf
76
vulnerability VCID-yp7c-xgj7-s3h2
77
vulnerability VCID-zc53-8p5g-2kcv
78
vulnerability VCID-zkm4-bz55-9bb8
79
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
aliases CVE-2021-35463, GHSA-9h7f-5hc8-cj5f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n65a-ycxy-pqgz
34
url VCID-p1dw-dttz-x7ee
vulnerability_id VCID-p1dw-dttz-x7ee
summary Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43823
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.093
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43823
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43823
reference_id CVE-2025-43823
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:40:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43823
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43823
reference_id CVE-2025-43823
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43823
4
reference_url https://github.com/advisories/GHSA-xx7h-2wf7-hc7p
reference_id GHSA-xx7h-2wf7-hc7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx7h-2wf7-hc7p
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43823, GHSA-xx7h-2wf7-hc7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-dttz-x7ee
35
url VCID-pcat-aa3f-kqeg
vulnerability_id VCID-pcat-aa3f-kqeg
summary A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42123
reference_id
reference_type
scores
0
value 0.00418
scoring_system epss
scoring_elements 0.62236
published_at 2026-06-11T12:55:00Z
1
value 0.00418
scoring_system epss
scoring_elements 0.62346
published_at 2026-06-14T12:55:00Z
2
value 0.00418
scoring_system epss
scoring_elements 0.62338
published_at 2026-06-12T12:55:00Z
3
value 0.00418
scoring_system epss
scoring_elements 0.6235
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42123
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
reference_id cve-2022-42123
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42123
reference_id CVE-2022-42123
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42123
3
reference_url https://github.com/advisories/GHSA-hffx-r282-w2g9
reference_id GHSA-hffx-r282-w2g9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hffx-r282-w2g9
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17518
reference_id LPE-17518
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/
url https://issues.liferay.com/browse/LPE-17518
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-99sz-6eag-3kff
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-a62g-s5j4-73fr
17
vulnerability VCID-beqe-x5p8-23b9
18
vulnerability VCID-c2hc-pbr7-2yhz
19
vulnerability VCID-d9qm-h8q2-sfda
20
vulnerability VCID-deaj-uts6-aqb5
21
vulnerability VCID-dztj-3hzz-3bcg
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-gfwc-qjpr-6fgf
29
vulnerability VCID-gngs-dm98-eqc2
30
vulnerability VCID-hqwn-t5mr-13ab
31
vulnerability VCID-hthn-qn9g-u3dv
32
vulnerability VCID-j2r3-g95d-hued
33
vulnerability VCID-jg5a-j9vb-f7hk
34
vulnerability VCID-k56t-ry18-zbg4
35
vulnerability VCID-kke1-d8nw-tyhj
36
vulnerability VCID-mmy3-eycu-q7bu
37
vulnerability VCID-p1dw-dttz-x7ee
38
vulnerability VCID-p3dp-ku5j-yke9
39
vulnerability VCID-ph25-5qgg-zfer
40
vulnerability VCID-rcmj-djgg-bqf7
41
vulnerability VCID-rjjs-an4q-6qaf
42
vulnerability VCID-ser9-x7zq-dqdv
43
vulnerability VCID-twb2-9ane-tfdw
44
vulnerability VCID-u5rg-89bb-wbfy
45
vulnerability VCID-u9gz-jcnn-syby
46
vulnerability VCID-vcth-rrmy-5qej
47
vulnerability VCID-vh4z-622g-j7d6
48
vulnerability VCID-w2a5-j7ew-mbet
49
vulnerability VCID-w71u-16bg-nke4
50
vulnerability VCID-whty-vwsm-t7gt
51
vulnerability VCID-xftu-6k5q-7ub6
52
vulnerability VCID-xvs7-58y1-3ybj
53
vulnerability VCID-y38f-84j9-fygf
54
vulnerability VCID-yagv-6mp3-v7hf
55
vulnerability VCID-yp7c-xgj7-s3h2
56
vulnerability VCID-zc53-8p5g-2kcv
57
vulnerability VCID-zkm4-bz55-9bb8
58
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19
aliases CVE-2022-42123, GHSA-hffx-r282-w2g9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pcat-aa3f-kqeg
36
url VCID-ph25-5qgg-zfer
vulnerability_id VCID-ph25-5qgg-zfer
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43734
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32182
published_at 2026-06-12T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32179
published_at 2026-06-14T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.31998
published_at 2026-06-11T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32199
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43734
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f
3
reference_url https://liferay.atlassian.net/browse/LPE-18234
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18234
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43734
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43734
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734
reference_id CVE-2025-43734
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T19:00:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734
6
reference_url https://github.com/advisories/GHSA-m5c7-5gv3-hcpf
reference_id GHSA-m5c7-5gv3-hcpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5c7-5gv3-hcpf
fixed_packages
aliases CVE-2025-43734, GHSA-m5c7-5gv3-hcpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ph25-5qgg-zfer
37
url VCID-ph4a-tj1g-ykc8
vulnerability_id VCID-ph4a-tj1g-ykc8
summary Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33939
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53439
published_at 2026-06-12T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53442
published_at 2026-06-14T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53313
published_at 2026-06-11T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.53454
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33939
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33939
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33939
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939
reference_id cve-2023-33939
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:50Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939
4
reference_url https://github.com/advisories/GHSA-53mw-69qx-q4fc
reference_id GHSA-53mw-69qx-q4fc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53mw-69qx-q4fc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-deaj-uts6-aqb5
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-gfwc-qjpr-6fgf
30
vulnerability VCID-gngs-dm98-eqc2
31
vulnerability VCID-hqwn-t5mr-13ab
32
vulnerability VCID-hthn-qn9g-u3dv
33
vulnerability VCID-j2r3-g95d-hued
34
vulnerability VCID-jg5a-j9vb-f7hk
35
vulnerability VCID-jh4y-y7np-9fav
36
vulnerability VCID-k56t-ry18-zbg4
37
vulnerability VCID-kke1-d8nw-tyhj
38
vulnerability VCID-mmy3-eycu-q7bu
39
vulnerability VCID-p1dw-dttz-x7ee
40
vulnerability VCID-p3dp-ku5j-yke9
41
vulnerability VCID-pcat-aa3f-kqeg
42
vulnerability VCID-ph25-5qgg-zfer
43
vulnerability VCID-rcmj-djgg-bqf7
44
vulnerability VCID-rjjs-an4q-6qaf
45
vulnerability VCID-ser9-x7zq-dqdv
46
vulnerability VCID-twb2-9ane-tfdw
47
vulnerability VCID-u5rg-89bb-wbfy
48
vulnerability VCID-u9gz-jcnn-syby
49
vulnerability VCID-ughz-r7ds-6qfu
50
vulnerability VCID-uxjd-h6fd-sbgf
51
vulnerability VCID-vcth-rrmy-5qej
52
vulnerability VCID-vh4z-622g-j7d6
53
vulnerability VCID-w2a5-j7ew-mbet
54
vulnerability VCID-w71u-16bg-nke4
55
vulnerability VCID-whty-vwsm-t7gt
56
vulnerability VCID-xftu-6k5q-7ub6
57
vulnerability VCID-xvs7-58y1-3ybj
58
vulnerability VCID-y38f-84j9-fygf
59
vulnerability VCID-yagv-6mp3-v7hf
60
vulnerability VCID-yp7c-xgj7-s3h2
61
vulnerability VCID-zc53-8p5g-2kcv
62
vulnerability VCID-zkm4-bz55-9bb8
63
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
aliases CVE-2023-33939, GHSA-53mw-69qx-q4fc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4a-tj1g-ykc8
38
url VCID-qztv-899y-sbb8
vulnerability_id VCID-qztv-899y-sbb8
summary Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25147
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.34833
published_at 2026-06-11T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35016
published_at 2026-06-14T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35013
published_at 2026-06-12T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35036
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25147
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147
reference_id cve-2024-25147
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:15:43Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25147
reference_id CVE-2024-25147
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25147
4
reference_url https://github.com/advisories/GHSA-xpjg-7hx7-wgcx
reference_id GHSA-xpjg-7hx7-wgcx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpjg-7hx7-wgcx
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-ank8-p9qa-9udx
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d3cx-1jmf-cfc4
25
vulnerability VCID-d9qm-h8q2-sfda
26
vulnerability VCID-eb9n-cwf1-fbga
27
vulnerability VCID-ed9v-m3q5-6yaq
28
vulnerability VCID-efzj-vsre-1ygm
29
vulnerability VCID-ep8t-7k2h-2kdp
30
vulnerability VCID-epds-vwku-cyed
31
vulnerability VCID-evtz-a8xn-e7b6
32
vulnerability VCID-ext6-8u2c-xufv
33
vulnerability VCID-f6z5-3pp9-7qey
34
vulnerability VCID-g52h-8r1h-dfhe
35
vulnerability VCID-gfwc-qjpr-6fgf
36
vulnerability VCID-gngs-dm98-eqc2
37
vulnerability VCID-hpqu-qfg1-rygw
38
vulnerability VCID-hqwn-t5mr-13ab
39
vulnerability VCID-hthn-qn9g-u3dv
40
vulnerability VCID-hvhc-kn1w-qkac
41
vulnerability VCID-jg5a-j9vb-f7hk
42
vulnerability VCID-jh4y-y7np-9fav
43
vulnerability VCID-k469-ety8-rqby
44
vulnerability VCID-kke1-d8nw-tyhj
45
vulnerability VCID-mmy3-eycu-q7bu
46
vulnerability VCID-mqut-n4an-x3cs
47
vulnerability VCID-mzzp-psnm-muhm
48
vulnerability VCID-n634-fspx-judk
49
vulnerability VCID-p1dw-dttz-x7ee
50
vulnerability VCID-pcat-aa3f-kqeg
51
vulnerability VCID-ph25-5qgg-zfer
52
vulnerability VCID-ph4a-tj1g-ykc8
53
vulnerability VCID-rcmj-djgg-bqf7
54
vulnerability VCID-rjjs-an4q-6qaf
55
vulnerability VCID-ser9-x7zq-dqdv
56
vulnerability VCID-t2ys-d2mh-xygr
57
vulnerability VCID-tgpb-tps9-wfd5
58
vulnerability VCID-trgc-963v-9ue4
59
vulnerability VCID-twb2-9ane-tfdw
60
vulnerability VCID-u5rg-89bb-wbfy
61
vulnerability VCID-u9gz-jcnn-syby
62
vulnerability VCID-ughz-r7ds-6qfu
63
vulnerability VCID-umd8-9ypn-zkdk
64
vulnerability VCID-uu4f-gvmj-7key
65
vulnerability VCID-uxjd-h6fd-sbgf
66
vulnerability VCID-vcth-rrmy-5qej
67
vulnerability VCID-vh4z-622g-j7d6
68
vulnerability VCID-w2a5-j7ew-mbet
69
vulnerability VCID-w71u-16bg-nke4
70
vulnerability VCID-whty-vwsm-t7gt
71
vulnerability VCID-xftu-6k5q-7ub6
72
vulnerability VCID-xvs7-58y1-3ybj
73
vulnerability VCID-xy7e-q9wh-fkh4
74
vulnerability VCID-y38f-84j9-fygf
75
vulnerability VCID-yp7c-xgj7-s3h2
76
vulnerability VCID-zc53-8p5g-2kcv
77
vulnerability VCID-zkm4-bz55-9bb8
78
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1
aliases CVE-2024-25147, GHSA-xpjg-7hx7-wgcx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qztv-899y-sbb8
39
url VCID-rjjs-an4q-6qaf
vulnerability_id VCID-rjjs-an4q-6qaf
summary The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42126
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34547
published_at 2026-06-11T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.3473
published_at 2026-06-14T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34725
published_at 2026-06-12T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34749
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42126
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126
reference_id cve-2022-42126
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42126
reference_id CVE-2022-42126
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42126
3
reference_url https://github.com/advisories/GHSA-642h-mx8q-47p2
reference_id GHSA-642h-mx8q-47p2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-642h-mx8q-47p2
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17593
reference_id LPE-17593
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/
url https://issues.liferay.com/browse/LPE-17593
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.29
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-gngs-dm98-eqc2
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-jg5a-j9vb-f7hk
31
vulnerability VCID-k56t-ry18-zbg4
32
vulnerability VCID-kke1-d8nw-tyhj
33
vulnerability VCID-mmy3-eycu-q7bu
34
vulnerability VCID-p1dw-dttz-x7ee
35
vulnerability VCID-p3dp-ku5j-yke9
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-rcmj-djgg-bqf7
38
vulnerability VCID-ser9-x7zq-dqdv
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-u5rg-89bb-wbfy
41
vulnerability VCID-u9gz-jcnn-syby
42
vulnerability VCID-vcth-rrmy-5qej
43
vulnerability VCID-vh4z-622g-j7d6
44
vulnerability VCID-w2a5-j7ew-mbet
45
vulnerability VCID-w71u-16bg-nke4
46
vulnerability VCID-whty-vwsm-t7gt
47
vulnerability VCID-xftu-6k5q-7ub6
48
vulnerability VCID-xvs7-58y1-3ybj
49
vulnerability VCID-y38f-84j9-fygf
50
vulnerability VCID-yagv-6mp3-v7hf
51
vulnerability VCID-yp7c-xgj7-s3h2
52
vulnerability VCID-zc53-8p5g-2kcv
53
vulnerability VCID-zkm4-bz55-9bb8
54
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.29
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.48
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-9seq-71yb-tfcf
15
vulnerability VCID-beqe-x5p8-23b9
16
vulnerability VCID-c2hc-pbr7-2yhz
17
vulnerability VCID-d49a-szjx-jub1
18
vulnerability VCID-d9qm-h8q2-sfda
19
vulnerability VCID-deaj-uts6-aqb5
20
vulnerability VCID-dztj-3hzz-3bcg
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-ep8t-7k2h-2kdp
23
vulnerability VCID-epds-vwku-cyed
24
vulnerability VCID-evtz-a8xn-e7b6
25
vulnerability VCID-ext6-8u2c-xufv
26
vulnerability VCID-f6z5-3pp9-7qey
27
vulnerability VCID-gfwc-qjpr-6fgf
28
vulnerability VCID-hqwn-t5mr-13ab
29
vulnerability VCID-hthn-qn9g-u3dv
30
vulnerability VCID-j2r3-g95d-hued
31
vulnerability VCID-kke1-d8nw-tyhj
32
vulnerability VCID-mmy3-eycu-q7bu
33
vulnerability VCID-p1dw-dttz-x7ee
34
vulnerability VCID-p3dp-ku5j-yke9
35
vulnerability VCID-pac3-4jrs-pqdg
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-rcmj-djgg-bqf7
38
vulnerability VCID-s59m-uwgm-d7ed
39
vulnerability VCID-ser9-x7zq-dqdv
40
vulnerability VCID-te96-dz9q-z3cy
41
vulnerability VCID-tkws-gscx-pff6
42
vulnerability VCID-twb2-9ane-tfdw
43
vulnerability VCID-u5rg-89bb-wbfy
44
vulnerability VCID-u9gz-jcnn-syby
45
vulnerability VCID-vcth-rrmy-5qej
46
vulnerability VCID-w2a5-j7ew-mbet
47
vulnerability VCID-w71u-16bg-nke4
48
vulnerability VCID-whty-vwsm-t7gt
49
vulnerability VCID-xftu-6k5q-7ub6
50
vulnerability VCID-xvs7-58y1-3ybj
51
vulnerability VCID-y38f-84j9-fygf
52
vulnerability VCID-zc53-8p5g-2kcv
53
vulnerability VCID-zkm4-bz55-9bb8
54
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.48
aliases CVE-2022-42126, GHSA-642h-mx8q-47p2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjjs-an4q-6qaf
40
url VCID-ser9-x7zq-dqdv
vulnerability_id VCID-ser9-x7zq-dqdv
summary Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33944
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.5418
published_at 2026-06-12T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54185
published_at 2026-06-14T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.54054
published_at 2026-06-11T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.54198
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33944
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33944
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33944
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944
reference_id cve-2023-33944
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944
4
reference_url https://github.com/advisories/GHSA-pfwc-4frf-4gf8
reference_id GHSA-pfwc-4frf-4gf8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfwc-4frf-4gf8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-gfwc-qjpr-6fgf
25
vulnerability VCID-hqwn-t5mr-13ab
26
vulnerability VCID-hthn-qn9g-u3dv
27
vulnerability VCID-j2r3-g95d-hued
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-pac3-4jrs-pqdg
33
vulnerability VCID-ph25-5qgg-zfer
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-te96-dz9q-z3cy
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-u5rg-89bb-wbfy
39
vulnerability VCID-u9gz-jcnn-syby
40
vulnerability VCID-vcth-rrmy-5qej
41
vulnerability VCID-w2a5-j7ew-mbet
42
vulnerability VCID-w71u-16bg-nke4
43
vulnerability VCID-whty-vwsm-t7gt
44
vulnerability VCID-xftu-6k5q-7ub6
45
vulnerability VCID-xvs7-58y1-3ybj
46
vulnerability VCID-y38f-84j9-fygf
47
vulnerability VCID-zc53-8p5g-2kcv
48
vulnerability VCID-zkm4-bz55-9bb8
49
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
aliases CVE-2023-33944, GHSA-pfwc-4frf-4gf8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ser9-x7zq-dqdv
41
url VCID-t2ys-d2mh-xygr
vulnerability_id VCID-t2ys-d2mh-xygr
summary The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56309
published_at 2026-06-14T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56187
published_at 2026-06-11T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56306
published_at 2026-06-12T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.56321
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
3
reference_url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id cve-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
reference_id CVE-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
7
reference_url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id CVE-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
8
reference_url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
reference_id GHSA-f43m-hhj4-q3jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url http://liferay.com
10
reference_url https://issues.liferay.com/browse/LPE-17438
reference_id LPE-17438
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://issues.liferay.com/browse/LPE-17438
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-efzj-vsre-1ygm
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-g52h-8r1h-dfhe
29
vulnerability VCID-gfwc-qjpr-6fgf
30
vulnerability VCID-gngs-dm98-eqc2
31
vulnerability VCID-hqwn-t5mr-13ab
32
vulnerability VCID-hthn-qn9g-u3dv
33
vulnerability VCID-j2r3-g95d-hued
34
vulnerability VCID-jg5a-j9vb-f7hk
35
vulnerability VCID-jh4y-y7np-9fav
36
vulnerability VCID-k56t-ry18-zbg4
37
vulnerability VCID-kke1-d8nw-tyhj
38
vulnerability VCID-mmy3-eycu-q7bu
39
vulnerability VCID-p1dw-dttz-x7ee
40
vulnerability VCID-pcat-aa3f-kqeg
41
vulnerability VCID-ph25-5qgg-zfer
42
vulnerability VCID-ph4a-tj1g-ykc8
43
vulnerability VCID-rcmj-djgg-bqf7
44
vulnerability VCID-rjjs-an4q-6qaf
45
vulnerability VCID-ser9-x7zq-dqdv
46
vulnerability VCID-twb2-9ane-tfdw
47
vulnerability VCID-u5rg-89bb-wbfy
48
vulnerability VCID-u9gz-jcnn-syby
49
vulnerability VCID-ughz-r7ds-6qfu
50
vulnerability VCID-uu4f-gvmj-7key
51
vulnerability VCID-uxjd-h6fd-sbgf
52
vulnerability VCID-vcth-rrmy-5qej
53
vulnerability VCID-vh4z-622g-j7d6
54
vulnerability VCID-w2a5-j7ew-mbet
55
vulnerability VCID-w71u-16bg-nke4
56
vulnerability VCID-whty-vwsm-t7gt
57
vulnerability VCID-xftu-6k5q-7ub6
58
vulnerability VCID-xvs7-58y1-3ybj
59
vulnerability VCID-xy7e-q9wh-fkh4
60
vulnerability VCID-y38f-84j9-fygf
61
vulnerability VCID-yagv-6mp3-v7hf
62
vulnerability VCID-yp7c-xgj7-s3h2
63
vulnerability VCID-zc53-8p5g-2kcv
64
vulnerability VCID-zkm4-bz55-9bb8
65
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6
aliases CVE-2022-42132, GHSA-f43m-hhj4-q3jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ys-d2mh-xygr
42
url VCID-tgpb-tps9-wfd5
vulnerability_id VCID-tgpb-tps9-wfd5
summary Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25152
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35883
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35874
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25152
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152
reference_id cve-2024-25152
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T19:54:47Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25152
reference_id CVE-2024-25152
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25152
4
reference_url https://github.com/advisories/GHSA-p28x-4r5h-ph6j
reference_id GHSA-p28x-4r5h-ph6j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p28x-4r5h-ph6j
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5ytw-d875-3yfe
7
vulnerability VCID-69x9-5buz-1yht
8
vulnerability VCID-6f8z-s1fz-57b2
9
vulnerability VCID-6jsv-kw7h-9yeu
10
vulnerability VCID-6jw2-chce-suhn
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-7tdg-swnf-53cb
15
vulnerability VCID-88u7-stft-ebdh
16
vulnerability VCID-9u32-4n1x-77ce
17
vulnerability VCID-9v1n-scdh-a3du
18
vulnerability VCID-a62g-s5j4-73fr
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-cn1e-v8j7-mfhp
21
vulnerability VCID-d3cx-1jmf-cfc4
22
vulnerability VCID-d9qm-h8q2-sfda
23
vulnerability VCID-eb9n-cwf1-fbga
24
vulnerability VCID-efzj-vsre-1ygm
25
vulnerability VCID-ep8t-7k2h-2kdp
26
vulnerability VCID-epds-vwku-cyed
27
vulnerability VCID-evtz-a8xn-e7b6
28
vulnerability VCID-ext6-8u2c-xufv
29
vulnerability VCID-f6z5-3pp9-7qey
30
vulnerability VCID-g52h-8r1h-dfhe
31
vulnerability VCID-gfwc-qjpr-6fgf
32
vulnerability VCID-gngs-dm98-eqc2
33
vulnerability VCID-hpqu-qfg1-rygw
34
vulnerability VCID-hqwn-t5mr-13ab
35
vulnerability VCID-hthn-qn9g-u3dv
36
vulnerability VCID-hvhc-kn1w-qkac
37
vulnerability VCID-jg5a-j9vb-f7hk
38
vulnerability VCID-jh4y-y7np-9fav
39
vulnerability VCID-k469-ety8-rqby
40
vulnerability VCID-kke1-d8nw-tyhj
41
vulnerability VCID-mmy3-eycu-q7bu
42
vulnerability VCID-mqut-n4an-x3cs
43
vulnerability VCID-mzzp-psnm-muhm
44
vulnerability VCID-p1dw-dttz-x7ee
45
vulnerability VCID-pcat-aa3f-kqeg
46
vulnerability VCID-ph25-5qgg-zfer
47
vulnerability VCID-ph4a-tj1g-ykc8
48
vulnerability VCID-rcmj-djgg-bqf7
49
vulnerability VCID-rjjs-an4q-6qaf
50
vulnerability VCID-ser9-x7zq-dqdv
51
vulnerability VCID-t2ys-d2mh-xygr
52
vulnerability VCID-trgc-963v-9ue4
53
vulnerability VCID-twb2-9ane-tfdw
54
vulnerability VCID-u5rg-89bb-wbfy
55
vulnerability VCID-u9gz-jcnn-syby
56
vulnerability VCID-ughz-r7ds-6qfu
57
vulnerability VCID-uu4f-gvmj-7key
58
vulnerability VCID-uxjd-h6fd-sbgf
59
vulnerability VCID-vcth-rrmy-5qej
60
vulnerability VCID-vh4z-622g-j7d6
61
vulnerability VCID-w2a5-j7ew-mbet
62
vulnerability VCID-w71u-16bg-nke4
63
vulnerability VCID-whty-vwsm-t7gt
64
vulnerability VCID-xftu-6k5q-7ub6
65
vulnerability VCID-xvs7-58y1-3ybj
66
vulnerability VCID-xy7e-q9wh-fkh4
67
vulnerability VCID-y38f-84j9-fygf
68
vulnerability VCID-yp7c-xgj7-s3h2
69
vulnerability VCID-zc53-8p5g-2kcv
70
vulnerability VCID-zkm4-bz55-9bb8
71
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1
aliases CVE-2024-25152, GHSA-p28x-4r5h-ph6j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpb-tps9-wfd5
43
url VCID-trgc-963v-9ue4
vulnerability_id VCID-trgc-963v-9ue4
summary Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42131
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.31979
published_at 2026-06-11T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32161
published_at 2026-06-14T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.32164
published_at 2026-06-12T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32181
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42131
1
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131
reference_id cve-2022-42131
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42131
reference_id CVE-2022-42131
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42131
3
reference_url https://github.com/advisories/GHSA-cx84-43xc-3gm2
reference_id GHSA-cx84-43xc-3gm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cx84-43xc-3gm2
4
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/
url http://liferay.com
5
reference_url https://issues.liferay.com/browse/LPE-17377
reference_id LPE-17377
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/
url https://issues.liferay.com/browse/LPE-17377
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-39dv-ngxr-vbaj
2
vulnerability VCID-3cm9-v7g5-kfcn
3
vulnerability VCID-48hp-m4m8-cqge
4
vulnerability VCID-493t-ab65-pff3
5
vulnerability VCID-4m1t-nd28-43b2
6
vulnerability VCID-55fq-h94e-kuep
7
vulnerability VCID-5rce-t9wm-4ycx
8
vulnerability VCID-5ytw-d875-3yfe
9
vulnerability VCID-69x9-5buz-1yht
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-beqe-x5p8-23b9
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d9qm-h8q2-sfda
25
vulnerability VCID-eb9n-cwf1-fbga
26
vulnerability VCID-efzj-vsre-1ygm
27
vulnerability VCID-ep8t-7k2h-2kdp
28
vulnerability VCID-epds-vwku-cyed
29
vulnerability VCID-evtz-a8xn-e7b6
30
vulnerability VCID-ext6-8u2c-xufv
31
vulnerability VCID-f6z5-3pp9-7qey
32
vulnerability VCID-g52h-8r1h-dfhe
33
vulnerability VCID-gfwc-qjpr-6fgf
34
vulnerability VCID-gngs-dm98-eqc2
35
vulnerability VCID-hpqu-qfg1-rygw
36
vulnerability VCID-hqwn-t5mr-13ab
37
vulnerability VCID-hthn-qn9g-u3dv
38
vulnerability VCID-hvhc-kn1w-qkac
39
vulnerability VCID-jg5a-j9vb-f7hk
40
vulnerability VCID-jh4y-y7np-9fav
41
vulnerability VCID-k469-ety8-rqby
42
vulnerability VCID-kke1-d8nw-tyhj
43
vulnerability VCID-mmy3-eycu-q7bu
44
vulnerability VCID-mqut-n4an-x3cs
45
vulnerability VCID-mzzp-psnm-muhm
46
vulnerability VCID-p1dw-dttz-x7ee
47
vulnerability VCID-pcat-aa3f-kqeg
48
vulnerability VCID-ph25-5qgg-zfer
49
vulnerability VCID-ph4a-tj1g-ykc8
50
vulnerability VCID-rcmj-djgg-bqf7
51
vulnerability VCID-rjjs-an4q-6qaf
52
vulnerability VCID-ser9-x7zq-dqdv
53
vulnerability VCID-t2ys-d2mh-xygr
54
vulnerability VCID-twb2-9ane-tfdw
55
vulnerability VCID-u5rg-89bb-wbfy
56
vulnerability VCID-u9gz-jcnn-syby
57
vulnerability VCID-ughz-r7ds-6qfu
58
vulnerability VCID-uu4f-gvmj-7key
59
vulnerability VCID-uxjd-h6fd-sbgf
60
vulnerability VCID-vcth-rrmy-5qej
61
vulnerability VCID-vh4z-622g-j7d6
62
vulnerability VCID-w2a5-j7ew-mbet
63
vulnerability VCID-w71u-16bg-nke4
64
vulnerability VCID-whty-vwsm-t7gt
65
vulnerability VCID-xftu-6k5q-7ub6
66
vulnerability VCID-xvs7-58y1-3ybj
67
vulnerability VCID-xy7e-q9wh-fkh4
68
vulnerability VCID-y38f-84j9-fygf
69
vulnerability VCID-yp7c-xgj7-s3h2
70
vulnerability VCID-zc53-8p5g-2kcv
71
vulnerability VCID-zkm4-bz55-9bb8
72
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4
aliases CVE-2022-42131, GHSA-cx84-43xc-3gm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trgc-963v-9ue4
44
url VCID-twb2-9ane-tfdw
vulnerability_id VCID-twb2-9ane-tfdw
summary Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43799
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22463
published_at 2026-06-13T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22443
published_at 2026-06-14T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22258
published_at 2026-06-11T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.2245
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43799
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43799
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43799
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43799
reference_id CVE-2025-43799
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:40:56Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43799
4
reference_url https://github.com/advisories/GHSA-43xf-59vr-g4f2
reference_id GHSA-43xf-59vr-g4f2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43xf-59vr-g4f2
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-43799, GHSA-43xf-59vr-g4f2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twb2-9ane-tfdw
45
url VCID-u5rg-89bb-wbfy
vulnerability_id VCID-u5rg-89bb-wbfy
summary Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form with a rich text type field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43830
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09382
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09436
published_at 2026-06-12T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10332
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10309
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43830
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830
reference_id CVE-2025-43830
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:36:35Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43830
reference_id CVE-2025-43830
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43830
4
reference_url https://github.com/advisories/GHSA-378f-8q54-3fqx
reference_id GHSA-378f-8q54-3fqx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-378f-8q54-3fqx
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43830, GHSA-378f-8q54-3fqx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5rg-89bb-wbfy
46
url VCID-u9gz-jcnn-syby
vulnerability_id VCID-u9gz-jcnn-syby
summary Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the p_l_back_url parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26272
reference_id
reference_type
scores
0
value 0.03261
scoring_system epss
scoring_elements 0.8748
published_at 2026-06-14T12:55:00Z
1
value 0.03261
scoring_system epss
scoring_elements 0.87434
published_at 2026-06-11T12:55:00Z
2
value 0.03261
scoring_system epss
scoring_elements 0.87478
published_at 2026-06-12T12:55:00Z
3
value 0.03261
scoring_system epss
scoring_elements 0.87483
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26272
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26272
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26272
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272
reference_id CVE-2024-26272
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:15:06Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272
4
reference_url https://github.com/advisories/GHSA-p63m-vmjr-wg37
reference_id GHSA-p63m-vmjr-wg37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p63m-vmjr-wg37
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2024-26272, GHSA-p63m-vmjr-wg37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gz-jcnn-syby
47
url VCID-ughz-r7ds-6qfu
vulnerability_id VCID-ughz-r7ds-6qfu
summary SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33945
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.71444
published_at 2026-06-14T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.71346
published_at 2026-06-11T12:55:00Z
2
value 0.00651
scoring_system epss
scoring_elements 0.71445
published_at 2026-06-13T12:55:00Z
3
value 0.00651
scoring_system epss
scoring_elements 0.71433
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33945
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33945
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33945
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33945
reference_id cve-2023-33945
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:49:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33945
4
reference_url https://github.com/advisories/GHSA-g7vw-43xg-8m4h
reference_id GHSA-g7vw-43xg-8m4h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g7vw-43xg-8m4h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.18
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-99sz-6eag-3kff
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-a62g-s5j4-73fr
17
vulnerability VCID-beqe-x5p8-23b9
18
vulnerability VCID-c2hc-pbr7-2yhz
19
vulnerability VCID-d9qm-h8q2-sfda
20
vulnerability VCID-deaj-uts6-aqb5
21
vulnerability VCID-dztj-3hzz-3bcg
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-gfwc-qjpr-6fgf
29
vulnerability VCID-gngs-dm98-eqc2
30
vulnerability VCID-hqwn-t5mr-13ab
31
vulnerability VCID-hthn-qn9g-u3dv
32
vulnerability VCID-j2r3-g95d-hued
33
vulnerability VCID-jg5a-j9vb-f7hk
34
vulnerability VCID-k56t-ry18-zbg4
35
vulnerability VCID-kke1-d8nw-tyhj
36
vulnerability VCID-mmy3-eycu-q7bu
37
vulnerability VCID-p1dw-dttz-x7ee
38
vulnerability VCID-p3dp-ku5j-yke9
39
vulnerability VCID-pcat-aa3f-kqeg
40
vulnerability VCID-ph25-5qgg-zfer
41
vulnerability VCID-rcmj-djgg-bqf7
42
vulnerability VCID-rjjs-an4q-6qaf
43
vulnerability VCID-ser9-x7zq-dqdv
44
vulnerability VCID-twb2-9ane-tfdw
45
vulnerability VCID-u5rg-89bb-wbfy
46
vulnerability VCID-u9gz-jcnn-syby
47
vulnerability VCID-vcth-rrmy-5qej
48
vulnerability VCID-vh4z-622g-j7d6
49
vulnerability VCID-w2a5-j7ew-mbet
50
vulnerability VCID-w71u-16bg-nke4
51
vulnerability VCID-whty-vwsm-t7gt
52
vulnerability VCID-xftu-6k5q-7ub6
53
vulnerability VCID-xvs7-58y1-3ybj
54
vulnerability VCID-y38f-84j9-fygf
55
vulnerability VCID-yagv-6mp3-v7hf
56
vulnerability VCID-yp7c-xgj7-s3h2
57
vulnerability VCID-zc53-8p5g-2kcv
58
vulnerability VCID-zkm4-bz55-9bb8
59
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.18
aliases CVE-2023-33945, GHSA-g7vw-43xg-8m4h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ughz-r7ds-6qfu
48
url VCID-umd8-9ypn-zkdk
vulnerability_id VCID-umd8-9ypn-zkdk
summary In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions, the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25148
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.63306
published_at 2026-06-12T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.63315
published_at 2026-06-14T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.63204
published_at 2026-06-11T12:55:00Z
3
value 0.00433
scoring_system epss
scoring_elements 0.63318
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25148
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148
reference_id cve-2024-25148
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T17:33:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25148
reference_id CVE-2024-25148
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25148
4
reference_url https://github.com/advisories/GHSA-qwj8-qgpr-8crm
reference_id GHSA-qwj8-qgpr-8crm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwj8-qgpr-8crm
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-c2hc-pbr7-2yhz
22
vulnerability VCID-cn1e-v8j7-mfhp
23
vulnerability VCID-d3cx-1jmf-cfc4
24
vulnerability VCID-d9qm-h8q2-sfda
25
vulnerability VCID-eb9n-cwf1-fbga
26
vulnerability VCID-ed9v-m3q5-6yaq
27
vulnerability VCID-efzj-vsre-1ygm
28
vulnerability VCID-ep8t-7k2h-2kdp
29
vulnerability VCID-epds-vwku-cyed
30
vulnerability VCID-evtz-a8xn-e7b6
31
vulnerability VCID-ext6-8u2c-xufv
32
vulnerability VCID-f6z5-3pp9-7qey
33
vulnerability VCID-g52h-8r1h-dfhe
34
vulnerability VCID-gfwc-qjpr-6fgf
35
vulnerability VCID-gngs-dm98-eqc2
36
vulnerability VCID-hpqu-qfg1-rygw
37
vulnerability VCID-hqwn-t5mr-13ab
38
vulnerability VCID-hthn-qn9g-u3dv
39
vulnerability VCID-hvhc-kn1w-qkac
40
vulnerability VCID-jg5a-j9vb-f7hk
41
vulnerability VCID-jh4y-y7np-9fav
42
vulnerability VCID-k469-ety8-rqby
43
vulnerability VCID-kke1-d8nw-tyhj
44
vulnerability VCID-mmy3-eycu-q7bu
45
vulnerability VCID-mqut-n4an-x3cs
46
vulnerability VCID-mzzp-psnm-muhm
47
vulnerability VCID-n634-fspx-judk
48
vulnerability VCID-p1dw-dttz-x7ee
49
vulnerability VCID-pcat-aa3f-kqeg
50
vulnerability VCID-ph25-5qgg-zfer
51
vulnerability VCID-ph4a-tj1g-ykc8
52
vulnerability VCID-rcmj-djgg-bqf7
53
vulnerability VCID-rjjs-an4q-6qaf
54
vulnerability VCID-ser9-x7zq-dqdv
55
vulnerability VCID-t2ys-d2mh-xygr
56
vulnerability VCID-tgpb-tps9-wfd5
57
vulnerability VCID-trgc-963v-9ue4
58
vulnerability VCID-twb2-9ane-tfdw
59
vulnerability VCID-u5rg-89bb-wbfy
60
vulnerability VCID-u9gz-jcnn-syby
61
vulnerability VCID-ughz-r7ds-6qfu
62
vulnerability VCID-uu4f-gvmj-7key
63
vulnerability VCID-uxjd-h6fd-sbgf
64
vulnerability VCID-vcth-rrmy-5qej
65
vulnerability VCID-vh4z-622g-j7d6
66
vulnerability VCID-w2a5-j7ew-mbet
67
vulnerability VCID-w71u-16bg-nke4
68
vulnerability VCID-whty-vwsm-t7gt
69
vulnerability VCID-xftu-6k5q-7ub6
70
vulnerability VCID-xvs7-58y1-3ybj
71
vulnerability VCID-xy7e-q9wh-fkh4
72
vulnerability VCID-y38f-84j9-fygf
73
vulnerability VCID-yp7c-xgj7-s3h2
74
vulnerability VCID-zc53-8p5g-2kcv
75
vulnerability VCID-zkm4-bz55-9bb8
76
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2
aliases CVE-2024-25148, GHSA-qwj8-qgpr-8crm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umd8-9ypn-zkdk
49
url VCID-uu4f-gvmj-7key
vulnerability_id VCID-uu4f-gvmj-7key
summary In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25610
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28249
published_at 2026-06-11T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.2846
published_at 2026-06-14T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28445
published_at 2026-06-12T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.2847
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25610
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610
reference_id cve-2024-25610
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T13:32:33Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25610
reference_id CVE-2024-25610
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25610
4
reference_url https://github.com/advisories/GHSA-vvpf-53qx-cxhh
reference_id GHSA-vvpf-53qx-cxhh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vvpf-53qx-cxhh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-deaj-uts6-aqb5
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-gfwc-qjpr-6fgf
30
vulnerability VCID-gngs-dm98-eqc2
31
vulnerability VCID-hqwn-t5mr-13ab
32
vulnerability VCID-hthn-qn9g-u3dv
33
vulnerability VCID-j2r3-g95d-hued
34
vulnerability VCID-jg5a-j9vb-f7hk
35
vulnerability VCID-jh4y-y7np-9fav
36
vulnerability VCID-k56t-ry18-zbg4
37
vulnerability VCID-kke1-d8nw-tyhj
38
vulnerability VCID-mmy3-eycu-q7bu
39
vulnerability VCID-p1dw-dttz-x7ee
40
vulnerability VCID-p3dp-ku5j-yke9
41
vulnerability VCID-pcat-aa3f-kqeg
42
vulnerability VCID-ph25-5qgg-zfer
43
vulnerability VCID-rcmj-djgg-bqf7
44
vulnerability VCID-rjjs-an4q-6qaf
45
vulnerability VCID-ser9-x7zq-dqdv
46
vulnerability VCID-twb2-9ane-tfdw
47
vulnerability VCID-u5rg-89bb-wbfy
48
vulnerability VCID-u9gz-jcnn-syby
49
vulnerability VCID-ughz-r7ds-6qfu
50
vulnerability VCID-uxjd-h6fd-sbgf
51
vulnerability VCID-vcth-rrmy-5qej
52
vulnerability VCID-vh4z-622g-j7d6
53
vulnerability VCID-w2a5-j7ew-mbet
54
vulnerability VCID-w71u-16bg-nke4
55
vulnerability VCID-whty-vwsm-t7gt
56
vulnerability VCID-xftu-6k5q-7ub6
57
vulnerability VCID-xvs7-58y1-3ybj
58
vulnerability VCID-y38f-84j9-fygf
59
vulnerability VCID-yagv-6mp3-v7hf
60
vulnerability VCID-yp7c-xgj7-s3h2
61
vulnerability VCID-zc53-8p5g-2kcv
62
vulnerability VCID-zkm4-bz55-9bb8
63
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13
aliases CVE-2024-25610, GHSA-vvpf-53qx-cxhh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uu4f-gvmj-7key
50
url VCID-uxjd-h6fd-sbgf
vulnerability_id VCID-uxjd-h6fd-sbgf
summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via (1) the `redirect` parameter, (2) the `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25609
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49914
published_at 2026-06-13T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.499
published_at 2026-06-14T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49759
published_at 2026-06-11T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49895
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25609
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
3
reference_url https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
4
reference_url https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
5
reference_url https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
6
reference_url https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
7
reference_url https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
8
reference_url https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
9
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
reference_id cve-2024-25609
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25609
reference_id CVE-2024-25609
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25609
11
reference_url https://github.com/advisories/GHSA-3qq5-wcrx-4h8r
reference_id GHSA-3qq5-wcrx-4h8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qq5-wcrx-4h8r
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-72my-1zwg-a7hx
12
vulnerability VCID-73u9-6qzv-t7f7
13
vulnerability VCID-7bjy-2h8a-ukbe
14
vulnerability VCID-9u32-4n1x-77ce
15
vulnerability VCID-9v1n-scdh-a3du
16
vulnerability VCID-a62g-s5j4-73fr
17
vulnerability VCID-beqe-x5p8-23b9
18
vulnerability VCID-c2hc-pbr7-2yhz
19
vulnerability VCID-d9qm-h8q2-sfda
20
vulnerability VCID-deaj-uts6-aqb5
21
vulnerability VCID-eb9n-cwf1-fbga
22
vulnerability VCID-efzj-vsre-1ygm
23
vulnerability VCID-ep8t-7k2h-2kdp
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-evtz-a8xn-e7b6
26
vulnerability VCID-ext6-8u2c-xufv
27
vulnerability VCID-f6z5-3pp9-7qey
28
vulnerability VCID-gfwc-qjpr-6fgf
29
vulnerability VCID-gngs-dm98-eqc2
30
vulnerability VCID-hqwn-t5mr-13ab
31
vulnerability VCID-hthn-qn9g-u3dv
32
vulnerability VCID-j2r3-g95d-hued
33
vulnerability VCID-jg5a-j9vb-f7hk
34
vulnerability VCID-k56t-ry18-zbg4
35
vulnerability VCID-kke1-d8nw-tyhj
36
vulnerability VCID-mmy3-eycu-q7bu
37
vulnerability VCID-p1dw-dttz-x7ee
38
vulnerability VCID-p3dp-ku5j-yke9
39
vulnerability VCID-pcat-aa3f-kqeg
40
vulnerability VCID-ph25-5qgg-zfer
41
vulnerability VCID-rcmj-djgg-bqf7
42
vulnerability VCID-rjjs-an4q-6qaf
43
vulnerability VCID-ser9-x7zq-dqdv
44
vulnerability VCID-twb2-9ane-tfdw
45
vulnerability VCID-u5rg-89bb-wbfy
46
vulnerability VCID-u9gz-jcnn-syby
47
vulnerability VCID-ughz-r7ds-6qfu
48
vulnerability VCID-vcth-rrmy-5qej
49
vulnerability VCID-vh4z-622g-j7d6
50
vulnerability VCID-w2a5-j7ew-mbet
51
vulnerability VCID-w71u-16bg-nke4
52
vulnerability VCID-whty-vwsm-t7gt
53
vulnerability VCID-xftu-6k5q-7ub6
54
vulnerability VCID-xvs7-58y1-3ybj
55
vulnerability VCID-y38f-84j9-fygf
56
vulnerability VCID-yagv-6mp3-v7hf
57
vulnerability VCID-yp7c-xgj7-s3h2
58
vulnerability VCID-zc53-8p5g-2kcv
59
vulnerability VCID-zkm4-bz55-9bb8
60
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14
aliases CVE-2024-25609, GHSA-3qq5-wcrx-4h8r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxjd-h6fd-sbgf
51
url VCID-vh4z-622g-j7d6
vulnerability_id VCID-vh4z-622g-j7d6
summary Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33940
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49761
published_at 2026-06-13T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49749
published_at 2026-06-14T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49606
published_at 2026-06-11T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49742
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33940
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33940
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940
reference_id cve-2023-33940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:34Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940
4
reference_url https://github.com/advisories/GHSA-x82q-mr23-27jc
reference_id GHSA-x82q-mr23-27jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x82q-mr23-27jc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.31
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-gngs-dm98-eqc2
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-jg5a-j9vb-f7hk
31
vulnerability VCID-k56t-ry18-zbg4
32
vulnerability VCID-kke1-d8nw-tyhj
33
vulnerability VCID-mmy3-eycu-q7bu
34
vulnerability VCID-p1dw-dttz-x7ee
35
vulnerability VCID-p3dp-ku5j-yke9
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-rcmj-djgg-bqf7
38
vulnerability VCID-ser9-x7zq-dqdv
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-u5rg-89bb-wbfy
41
vulnerability VCID-u9gz-jcnn-syby
42
vulnerability VCID-vcth-rrmy-5qej
43
vulnerability VCID-w2a5-j7ew-mbet
44
vulnerability VCID-w71u-16bg-nke4
45
vulnerability VCID-whty-vwsm-t7gt
46
vulnerability VCID-xftu-6k5q-7ub6
47
vulnerability VCID-xvs7-58y1-3ybj
48
vulnerability VCID-y38f-84j9-fygf
49
vulnerability VCID-yagv-6mp3-v7hf
50
vulnerability VCID-yp7c-xgj7-s3h2
51
vulnerability VCID-zc53-8p5g-2kcv
52
vulnerability VCID-zkm4-bz55-9bb8
53
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.31
aliases CVE-2023-33940, GHSA-x82q-mr23-27jc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vh4z-622g-j7d6
52
url VCID-w71u-16bg-nke4
vulnerability_id VCID-w71u-16bg-nke4
summary The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2565
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.5838
published_at 2026-06-12T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58385
published_at 2026-06-14T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.58268
published_at 2026-06-11T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.58396
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2565
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2565
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2565
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565
reference_id cve-2025-2565
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:33Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565
4
reference_url https://github.com/advisories/GHSA-9fcg-wrp8-qhr4
reference_id GHSA-9fcg-wrp8-qhr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fcg-wrp8-qhr4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-epds-vwku-cyed
8
vulnerability VCID-f6z5-3pp9-7qey
9
vulnerability VCID-hthn-qn9g-u3dv
10
vulnerability VCID-jpgh-rqqn-x7ge
11
vulnerability VCID-kke1-d8nw-tyhj
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-ph25-5qgg-zfer
14
vulnerability VCID-rcmj-djgg-bqf7
15
vulnerability VCID-vcth-rrmy-5qej
16
vulnerability VCID-w2a5-j7ew-mbet
17
vulnerability VCID-xftu-6k5q-7ub6
18
vulnerability VCID-xvs7-58y1-3ybj
19
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
aliases CVE-2025-2565, GHSA-9fcg-wrp8-qhr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w71u-16bg-nke4
53
url VCID-whty-vwsm-t7gt
vulnerability_id VCID-whty-vwsm-t7gt
summary Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43748
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11011
published_at 2026-06-14T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10981
published_at 2026-06-11T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11044
published_at 2026-06-12T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11042
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43748
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.atlassian.net/browse/LPE-17839
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17839
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43748
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43748
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748
reference_id CVE-2025-43748
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748
5
reference_url https://github.com/advisories/GHSA-p9gc-59hf-x48p
reference_id GHSA-p9gc-59hf-x48p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9gc-59hf-x48p
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jpgh-rqqn-x7ge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-9seq-71yb-tfcf
4
vulnerability VCID-beqe-x5p8-23b9
5
vulnerability VCID-c2hc-pbr7-2yhz
6
vulnerability VCID-d9qm-h8q2-sfda
7
vulnerability VCID-ep8t-7k2h-2kdp
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-f6z5-3pp9-7qey
10
vulnerability VCID-hthn-qn9g-u3dv
11
vulnerability VCID-jpgh-rqqn-x7ge
12
vulnerability VCID-kke1-d8nw-tyhj
13
vulnerability VCID-mmy3-eycu-q7bu
14
vulnerability VCID-ph25-5qgg-zfer
15
vulnerability VCID-rcmj-djgg-bqf7
16
vulnerability VCID-tgj6-8vhq-23ae
17
vulnerability VCID-vcth-rrmy-5qej
18
vulnerability VCID-w2a5-j7ew-mbet
19
vulnerability VCID-w71u-16bg-nke4
20
vulnerability VCID-xftu-6k5q-7ub6
21
vulnerability VCID-xvs7-58y1-3ybj
22
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
aliases CVE-2025-43748, GHSA-p9gc-59hf-x48p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whty-vwsm-t7gt
54
url VCID-xftu-6k5q-7ub6
vulnerability_id VCID-xftu-6k5q-7ub6
summary SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4655
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37837
published_at 2026-06-12T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.3785
published_at 2026-06-14T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37659
published_at 2026-06-11T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37862
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4655
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4655
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4655
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655
reference_id CVE-2025-4655
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655
4
reference_url https://github.com/advisories/GHSA-c6g5-g6r7-q4j6
reference_id GHSA-c6g5-g6r7-q4j6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6g5-g6r7-q4j6
fixed_packages
aliases CVE-2025-4655, GHSA-c6g5-g6r7-q4j6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xftu-6k5q-7ub6
55
url VCID-xy7e-q9wh-fkh4
vulnerability_id VCID-xy7e-q9wh-fkh4
summary XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25606
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33981
published_at 2026-06-11T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.3416
published_at 2026-06-14T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.34182
published_at 2026-06-13T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34157
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25606
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606
reference_id cve-2024-25606
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T13:32:40Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25606
reference_id CVE-2024-25606
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25606
4
reference_url https://github.com/advisories/GHSA-869h-qhfx-w939
reference_id GHSA-869h-qhfx-w939
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-869h-qhfx-w939
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-493t-ab65-pff3
4
vulnerability VCID-4m1t-nd28-43b2
5
vulnerability VCID-55fq-h94e-kuep
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-6jw2-chce-suhn
12
vulnerability VCID-72my-1zwg-a7hx
13
vulnerability VCID-73u9-6qzv-t7f7
14
vulnerability VCID-7bjy-2h8a-ukbe
15
vulnerability VCID-9u32-4n1x-77ce
16
vulnerability VCID-9v1n-scdh-a3du
17
vulnerability VCID-a62g-s5j4-73fr
18
vulnerability VCID-beqe-x5p8-23b9
19
vulnerability VCID-c2hc-pbr7-2yhz
20
vulnerability VCID-d9qm-h8q2-sfda
21
vulnerability VCID-deaj-uts6-aqb5
22
vulnerability VCID-eb9n-cwf1-fbga
23
vulnerability VCID-efzj-vsre-1ygm
24
vulnerability VCID-ep8t-7k2h-2kdp
25
vulnerability VCID-epds-vwku-cyed
26
vulnerability VCID-evtz-a8xn-e7b6
27
vulnerability VCID-ext6-8u2c-xufv
28
vulnerability VCID-f6z5-3pp9-7qey
29
vulnerability VCID-g52h-8r1h-dfhe
30
vulnerability VCID-gfwc-qjpr-6fgf
31
vulnerability VCID-gngs-dm98-eqc2
32
vulnerability VCID-hqwn-t5mr-13ab
33
vulnerability VCID-hthn-qn9g-u3dv
34
vulnerability VCID-j2r3-g95d-hued
35
vulnerability VCID-jg5a-j9vb-f7hk
36
vulnerability VCID-jh4y-y7np-9fav
37
vulnerability VCID-k56t-ry18-zbg4
38
vulnerability VCID-kke1-d8nw-tyhj
39
vulnerability VCID-mmy3-eycu-q7bu
40
vulnerability VCID-p1dw-dttz-x7ee
41
vulnerability VCID-p3dp-ku5j-yke9
42
vulnerability VCID-pcat-aa3f-kqeg
43
vulnerability VCID-ph25-5qgg-zfer
44
vulnerability VCID-ph4a-tj1g-ykc8
45
vulnerability VCID-rcmj-djgg-bqf7
46
vulnerability VCID-rjjs-an4q-6qaf
47
vulnerability VCID-ser9-x7zq-dqdv
48
vulnerability VCID-twb2-9ane-tfdw
49
vulnerability VCID-u5rg-89bb-wbfy
50
vulnerability VCID-u9gz-jcnn-syby
51
vulnerability VCID-ughz-r7ds-6qfu
52
vulnerability VCID-uu4f-gvmj-7key
53
vulnerability VCID-uxjd-h6fd-sbgf
54
vulnerability VCID-vcth-rrmy-5qej
55
vulnerability VCID-vh4z-622g-j7d6
56
vulnerability VCID-w2a5-j7ew-mbet
57
vulnerability VCID-w71u-16bg-nke4
58
vulnerability VCID-whty-vwsm-t7gt
59
vulnerability VCID-xftu-6k5q-7ub6
60
vulnerability VCID-xvs7-58y1-3ybj
61
vulnerability VCID-y38f-84j9-fygf
62
vulnerability VCID-yagv-6mp3-v7hf
63
vulnerability VCID-yp7c-xgj7-s3h2
64
vulnerability VCID-zc53-8p5g-2kcv
65
vulnerability VCID-zkm4-bz55-9bb8
66
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8
aliases CVE-2024-25606, GHSA-869h-qhfx-w939
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy7e-q9wh-fkh4
56
url VCID-y38f-84j9-fygf
vulnerability_id VCID-y38f-84j9-fygf
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4581
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.41474
published_at 2026-06-13T12:55:00Z
1
value 0.00195
scoring_system epss
scoring_elements 0.41465
published_at 2026-06-14T12:55:00Z
2
value 0.00195
scoring_system epss
scoring_elements 0.4129
published_at 2026-06-11T12:55:00Z
3
value 0.00195
scoring_system epss
scoring_elements 0.41456
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4581
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4581
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4581
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581
reference_id CVE-2025-4581
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:25Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581
4
reference_url https://github.com/advisories/GHSA-6v93-frf9-2rp8
reference_id GHSA-6v93-frf9-2rp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6v93-frf9-2rp8
fixed_packages
aliases CVE-2025-4581, GHSA-6v93-frf9-2rp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y38f-84j9-fygf
57
url VCID-yp7c-xgj7-s3h2
vulnerability_id VCID-yp7c-xgj7-s3h2
summary Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26269
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.34833
published_at 2026-06-11T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35016
published_at 2026-06-14T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35013
published_at 2026-06-12T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35036
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26269
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269
reference_id cve-2024-26269
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:16:54Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26269
reference_id CVE-2024-26269
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26269
4
reference_url https://github.com/advisories/GHSA-rwhv-hvj2-qrqm
reference_id GHSA-rwhv-hvj2-qrqm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwhv-hvj2-qrqm
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-493t-ab65-pff3
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5rce-t9wm-4ycx
6
vulnerability VCID-5sft-4ab1-9kcg
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6f8z-s1fz-57b2
10
vulnerability VCID-6jsv-kw7h-9yeu
11
vulnerability VCID-73u9-6qzv-t7f7
12
vulnerability VCID-7bjy-2h8a-ukbe
13
vulnerability VCID-99sz-6eag-3kff
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-gngs-dm98-eqc2
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-k56t-ry18-zbg4
31
vulnerability VCID-kke1-d8nw-tyhj
32
vulnerability VCID-mmy3-eycu-q7bu
33
vulnerability VCID-p1dw-dttz-x7ee
34
vulnerability VCID-p3dp-ku5j-yke9
35
vulnerability VCID-ph25-5qgg-zfer
36
vulnerability VCID-rcmj-djgg-bqf7
37
vulnerability VCID-ser9-x7zq-dqdv
38
vulnerability VCID-tkws-gscx-pff6
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-u5rg-89bb-wbfy
41
vulnerability VCID-u9gz-jcnn-syby
42
vulnerability VCID-vcth-rrmy-5qej
43
vulnerability VCID-w2a5-j7ew-mbet
44
vulnerability VCID-w71u-16bg-nke4
45
vulnerability VCID-whty-vwsm-t7gt
46
vulnerability VCID-xftu-6k5q-7ub6
47
vulnerability VCID-xvs7-58y1-3ybj
48
vulnerability VCID-y38f-84j9-fygf
49
vulnerability VCID-zc53-8p5g-2kcv
50
vulnerability VCID-zkm4-bz55-9bb8
51
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38
aliases CVE-2024-26269, GHSA-rwhv-hvj2-qrqm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp7c-xgj7-s3h2
58
url VCID-z611-svpn-m7b1
vulnerability_id VCID-z611-svpn-m7b1
summary A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42122
reference_id
reference_type
scores
0
value 0.00815
scoring_system epss
scoring_elements 0.74804
published_at 2026-06-14T12:55:00Z
1
value 0.00815
scoring_system epss
scoring_elements 0.74723
published_at 2026-06-11T12:55:00Z
2
value 0.00815
scoring_system epss
scoring_elements 0.74795
published_at 2026-06-12T12:55:00Z
3
value 0.00815
scoring_system epss
scoring_elements 0.74807
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42122
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42122?p_r_p_assetEntryId=121613466&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613466%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42122?p_r_p_assetEntryId=121613466&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613466%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
3
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42122
reference_id cve-2022-42122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:59:30Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42122
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42122
reference_id CVE-2022-42122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42122
5
reference_url https://web.archive.org/web/20221115051621/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42122
reference_id CVE-2022-42122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221115051621/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42122
6
reference_url https://github.com/advisories/GHSA-hw56-7xj4-7gx6
reference_id GHSA-hw56-7xj4-7gx6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw56-7xj4-7gx6
7
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:59:30Z/
url http://liferay.com
8
reference_url https://issues.liferay.com/browse/LPE-17520
reference_id LPE-17520
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:59:30Z/
url https://issues.liferay.com/browse/LPE-17520
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.0-ga1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.0-ga1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-73u9-6qzv-t7f7
8
vulnerability VCID-7bjy-2h8a-ukbe
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-eb9n-cwf1-fbga
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-ext6-8u2c-xufv
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hqwn-t5mr-13ab
17
vulnerability VCID-rcmj-djgg-bqf7
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-xvs7-58y1-3ybj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.0-ga1
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4m1t-nd28-43b2
4
vulnerability VCID-55fq-h94e-kuep
5
vulnerability VCID-5gqq-m36a-53b6
6
vulnerability VCID-5rce-t9wm-4ycx
7
vulnerability VCID-5ytw-d875-3yfe
8
vulnerability VCID-69x9-5buz-1yht
9
vulnerability VCID-6e5j-scss-jucz
10
vulnerability VCID-6f8z-s1fz-57b2
11
vulnerability VCID-6jsv-kw7h-9yeu
12
vulnerability VCID-6jw2-chce-suhn
13
vulnerability VCID-72my-1zwg-a7hx
14
vulnerability VCID-73u9-6qzv-t7f7
15
vulnerability VCID-7bjy-2h8a-ukbe
16
vulnerability VCID-7tdg-swnf-53cb
17
vulnerability VCID-88u7-stft-ebdh
18
vulnerability VCID-9u32-4n1x-77ce
19
vulnerability VCID-9v1n-scdh-a3du
20
vulnerability VCID-a62g-s5j4-73fr
21
vulnerability VCID-ank8-p9qa-9udx
22
vulnerability VCID-c2hc-pbr7-2yhz
23
vulnerability VCID-cn1e-v8j7-mfhp
24
vulnerability VCID-d3cx-1jmf-cfc4
25
vulnerability VCID-d9qm-h8q2-sfda
26
vulnerability VCID-eb9n-cwf1-fbga
27
vulnerability VCID-ed9v-m3q5-6yaq
28
vulnerability VCID-efzj-vsre-1ygm
29
vulnerability VCID-ep8t-7k2h-2kdp
30
vulnerability VCID-epds-vwku-cyed
31
vulnerability VCID-evtz-a8xn-e7b6
32
vulnerability VCID-ext6-8u2c-xufv
33
vulnerability VCID-f6z5-3pp9-7qey
34
vulnerability VCID-g52h-8r1h-dfhe
35
vulnerability VCID-gfwc-qjpr-6fgf
36
vulnerability VCID-gngs-dm98-eqc2
37
vulnerability VCID-hpqu-qfg1-rygw
38
vulnerability VCID-hqwn-t5mr-13ab
39
vulnerability VCID-hthn-qn9g-u3dv
40
vulnerability VCID-hvhc-kn1w-qkac
41
vulnerability VCID-jg5a-j9vb-f7hk
42
vulnerability VCID-jh4y-y7np-9fav
43
vulnerability VCID-k469-ety8-rqby
44
vulnerability VCID-kke1-d8nw-tyhj
45
vulnerability VCID-mmy3-eycu-q7bu
46
vulnerability VCID-mqut-n4an-x3cs
47
vulnerability VCID-mzzp-psnm-muhm
48
vulnerability VCID-n634-fspx-judk
49
vulnerability VCID-p1dw-dttz-x7ee
50
vulnerability VCID-pcat-aa3f-kqeg
51
vulnerability VCID-ph25-5qgg-zfer
52
vulnerability VCID-ph4a-tj1g-ykc8
53
vulnerability VCID-qztv-899y-sbb8
54
vulnerability VCID-rcmj-djgg-bqf7
55
vulnerability VCID-rjjs-an4q-6qaf
56
vulnerability VCID-ser9-x7zq-dqdv
57
vulnerability VCID-t2ys-d2mh-xygr
58
vulnerability VCID-tgpb-tps9-wfd5
59
vulnerability VCID-trgc-963v-9ue4
60
vulnerability VCID-twb2-9ane-tfdw
61
vulnerability VCID-u5rg-89bb-wbfy
62
vulnerability VCID-u9gz-jcnn-syby
63
vulnerability VCID-ughz-r7ds-6qfu
64
vulnerability VCID-umd8-9ypn-zkdk
65
vulnerability VCID-uu4f-gvmj-7key
66
vulnerability VCID-uxjd-h6fd-sbgf
67
vulnerability VCID-vcth-rrmy-5qej
68
vulnerability VCID-vh4z-622g-j7d6
69
vulnerability VCID-w2a5-j7ew-mbet
70
vulnerability VCID-w71u-16bg-nke4
71
vulnerability VCID-whty-vwsm-t7gt
72
vulnerability VCID-xftu-6k5q-7ub6
73
vulnerability VCID-xvs7-58y1-3ybj
74
vulnerability VCID-xy7e-q9wh-fkh4
75
vulnerability VCID-y38f-84j9-fygf
76
vulnerability VCID-yp7c-xgj7-s3h2
77
vulnerability VCID-zc53-8p5g-2kcv
78
vulnerability VCID-zkm4-bz55-9bb8
79
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1
aliases CVE-2022-42122, GHSA-hw56-7xj4-7gx6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z611-svpn-m7b1
59
url VCID-zc53-8p5g-2kcv
vulnerability_id VCID-zc53-8p5g-2kcv
summary Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42496
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63626
published_at 2026-06-11T12:55:00Z
1
value 0.0044
scoring_system epss
scoring_elements 0.63739
published_at 2026-06-14T12:55:00Z
2
value 0.0044
scoring_system epss
scoring_elements 0.63728
published_at 2026-06-12T12:55:00Z
3
value 0.0044
scoring_system epss
scoring_elements 0.63742
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42496
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
reference_id cve-2023-42496
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:07:22Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
reference_id CVE-2023-42496
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
4
reference_url https://github.com/advisories/GHSA-54pv-r62j-9qqc
reference_id GHSA-54pv-r62j-9qqc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54pv-r62j-9qqc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-ext6-8u2c-xufv
22
vulnerability VCID-f6z5-3pp9-7qey
23
vulnerability VCID-gfwc-qjpr-6fgf
24
vulnerability VCID-hqwn-t5mr-13ab
25
vulnerability VCID-hthn-qn9g-u3dv
26
vulnerability VCID-j2r3-g95d-hued
27
vulnerability VCID-k7dn-nb9d-ckdk
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-ph25-5qgg-zfer
33
vulnerability VCID-qxsh-hm7q-5ban
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-tgj6-8vhq-23ae
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-twyc-srx8-fudj
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-42496, GHSA-54pv-r62j-9qqc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc53-8p5g-2kcv
60
url VCID-zkm4-bz55-9bb8
vulnerability_id VCID-zkm4-bz55-9bb8
summary Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38976
published_at 2026-06-12T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.3899
published_at 2026-06-14T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38999
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-gfwc-qjpr-6fgf
25
vulnerability VCID-hqwn-t5mr-13ab
26
vulnerability VCID-hthn-qn9g-u3dv
27
vulnerability VCID-j2r3-g95d-hued
28
vulnerability VCID-k7dn-nb9d-ckdk
29
vulnerability VCID-kke1-d8nw-tyhj
30
vulnerability VCID-mmy3-eycu-q7bu
31
vulnerability VCID-p1dw-dttz-x7ee
32
vulnerability VCID-p3dp-ku5j-yke9
33
vulnerability VCID-pac3-4jrs-pqdg
34
vulnerability VCID-ph25-5qgg-zfer
35
vulnerability VCID-qxsh-hm7q-5ban
36
vulnerability VCID-rcmj-djgg-bqf7
37
vulnerability VCID-tgj6-8vhq-23ae
38
vulnerability VCID-tkws-gscx-pff6
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-twyc-srx8-fudj
41
vulnerability VCID-u5rg-89bb-wbfy
42
vulnerability VCID-u9gz-jcnn-syby
43
vulnerability VCID-vcth-rrmy-5qej
44
vulnerability VCID-w2a5-j7ew-mbet
45
vulnerability VCID-w71u-16bg-nke4
46
vulnerability VCID-whty-vwsm-t7gt
47
vulnerability VCID-xftu-6k5q-7ub6
48
vulnerability VCID-xvs7-58y1-3ybj
49
vulnerability VCID-y38f-84j9-fygf
50
vulnerability VCID-zc53-8p5g-2kcv
51
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8
61
url VCID-zn2s-8c79-x7h3
vulnerability_id VCID-zn2s-8c79-x7h3
summary The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8980
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.60057
published_at 2026-06-12T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.60061
published_at 2026-06-14T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59949
published_at 2026-06-11T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.60068
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8980
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8980
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8980
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980
reference_id CVE-2024-8980
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980
4
reference_url https://github.com/advisories/GHSA-chj2-4vg7-hhg3
reference_id GHSA-chj2-4vg7-hhg3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chj2-4vg7-hhg3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d9qm-h8q2-sfda
14
vulnerability VCID-dztj-3hzz-3bcg
15
vulnerability VCID-eb9n-cwf1-fbga
16
vulnerability VCID-ep8t-7k2h-2kdp
17
vulnerability VCID-epds-vwku-cyed
18
vulnerability VCID-evtz-a8xn-e7b6
19
vulnerability VCID-f6z5-3pp9-7qey
20
vulnerability VCID-gfwc-qjpr-6fgf
21
vulnerability VCID-hthn-qn9g-u3dv
22
vulnerability VCID-j2r3-g95d-hued
23
vulnerability VCID-k7dn-nb9d-ckdk
24
vulnerability VCID-kke1-d8nw-tyhj
25
vulnerability VCID-mmy3-eycu-q7bu
26
vulnerability VCID-p1dw-dttz-x7ee
27
vulnerability VCID-p3dp-ku5j-yke9
28
vulnerability VCID-ph25-5qgg-zfer
29
vulnerability VCID-qxsh-hm7q-5ban
30
vulnerability VCID-rcmj-djgg-bqf7
31
vulnerability VCID-tgj6-8vhq-23ae
32
vulnerability VCID-tkws-gscx-pff6
33
vulnerability VCID-twb2-9ane-tfdw
34
vulnerability VCID-u5rg-89bb-wbfy
35
vulnerability VCID-u9gz-jcnn-syby
36
vulnerability VCID-vcth-rrmy-5qej
37
vulnerability VCID-w2a5-j7ew-mbet
38
vulnerability VCID-w71u-16bg-nke4
39
vulnerability VCID-whty-vwsm-t7gt
40
vulnerability VCID-xftu-6k5q-7ub6
41
vulnerability VCID-xvs7-58y1-3ybj
42
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
aliases CVE-2024-8980, GHSA-chj2-4vg7-hhg3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn2s-8c79-x7h3
Fixing_vulnerabilities
0
url VCID-h9vv-1cu6-jydx
vulnerability_id VCID-h9vv-1cu6-jydx
summary Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39345
published_at 2026-06-12T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39174
published_at 2026-06-11T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39358
published_at 2026-06-14T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.3937
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
3
reference_url https://liferay.atlassian.net/browse/LPE-17212
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17212
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
reference_id CVE-2021-38267
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
6
reference_url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
reference_id GHSA-r39x-3qq4-gxmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.3.7-ga8
purl pkg:maven/com.liferay.portal/release.portal.bom@7.3.7-ga8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.7-ga8
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.0
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bjj-tjj8-pudd
1
vulnerability VCID-25ay-9z7s-47dg
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-5gqq-m36a-53b6
4
vulnerability VCID-6e5j-scss-jucz
5
vulnerability VCID-6jsv-kw7h-9yeu
6
vulnerability VCID-6jw2-chce-suhn
7
vulnerability VCID-72my-1zwg-a7hx
8
vulnerability VCID-7ffj-jw2k-m3a6
9
vulnerability VCID-88u7-stft-ebdh
10
vulnerability VCID-9u32-4n1x-77ce
11
vulnerability VCID-9v1n-scdh-a3du
12
vulnerability VCID-a62g-s5j4-73fr
13
vulnerability VCID-ank8-p9qa-9udx
14
vulnerability VCID-cn1e-v8j7-mfhp
15
vulnerability VCID-d3cx-1jmf-cfc4
16
vulnerability VCID-ed9v-m3q5-6yaq
17
vulnerability VCID-efzj-vsre-1ygm
18
vulnerability VCID-epds-vwku-cyed
19
vulnerability VCID-evtz-a8xn-e7b6
20
vulnerability VCID-g52h-8r1h-dfhe
21
vulnerability VCID-gngs-dm98-eqc2
22
vulnerability VCID-hpqu-qfg1-rygw
23
vulnerability VCID-hthn-qn9g-u3dv
24
vulnerability VCID-hvhc-kn1w-qkac
25
vulnerability VCID-jg5a-j9vb-f7hk
26
vulnerability VCID-jh4y-y7np-9fav
27
vulnerability VCID-k469-ety8-rqby
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-mqut-n4an-x3cs
31
vulnerability VCID-mzzp-psnm-muhm
32
vulnerability VCID-n634-fspx-judk
33
vulnerability VCID-n65a-ycxy-pqgz
34
vulnerability VCID-p1dw-dttz-x7ee
35
vulnerability VCID-pcat-aa3f-kqeg
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-ph4a-tj1g-ykc8
38
vulnerability VCID-qztv-899y-sbb8
39
vulnerability VCID-rjjs-an4q-6qaf
40
vulnerability VCID-ser9-x7zq-dqdv
41
vulnerability VCID-t2ys-d2mh-xygr
42
vulnerability VCID-tgpb-tps9-wfd5
43
vulnerability VCID-trgc-963v-9ue4
44
vulnerability VCID-twb2-9ane-tfdw
45
vulnerability VCID-u5rg-89bb-wbfy
46
vulnerability VCID-u9gz-jcnn-syby
47
vulnerability VCID-ughz-r7ds-6qfu
48
vulnerability VCID-umd8-9ypn-zkdk
49
vulnerability VCID-uu4f-gvmj-7key
50
vulnerability VCID-uxjd-h6fd-sbgf
51
vulnerability VCID-vh4z-622g-j7d6
52
vulnerability VCID-w71u-16bg-nke4
53
vulnerability VCID-whty-vwsm-t7gt
54
vulnerability VCID-xftu-6k5q-7ub6
55
vulnerability VCID-xy7e-q9wh-fkh4
56
vulnerability VCID-y38f-84j9-fygf
57
vulnerability VCID-yp7c-xgj7-s3h2
58
vulnerability VCID-z611-svpn-m7b1
59
vulnerability VCID-zc53-8p5g-2kcv
60
vulnerability VCID-zkm4-bz55-9bb8
61
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.0
aliases CVE-2021-38267, GHSA-r39x-3qq4-gxmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h9vv-1cu6-jydx
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.0