Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.site.memberships.web@2.0.23

Type maven

Namespace com.liferay

Name com.liferay.site.memberships.web

Version 2.0.23

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.10

Latest_non_vulnerable_version 5.0.10

Affected_by_vulnerabilities

url VCID-shuw-qkwq-vygb

vulnerability_id VCID-shuw-qkwq-vygb

summary Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28978

reference_id

reference_type

scores

value	0.0012
scoring_system	epss
scoring_elements	0.30677
published_at	2026-06-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30481
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28978

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d

reference_url

https://liferay.atlassian.net/browse/LPE-17332

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17332

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-28978

reference_id

CVE-2022-28978

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-28978

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership

reference_id

cve-2022-28978-stored-xss-with-user-name-in-site-membership

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership

reference_url

https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership

reference_id

CVE-2022-28978-STORED-XSS-WITH-USER-NAME-IN-SITE-MEMBERSHIP

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://github.com/advisories/GHSA-7m65-hmvg-rxpc

reference_id

GHSA-7m65-hmvg-rxpc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7m65-hmvg-rxpc

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/

url

http://liferay.com

fixed_packages

url	pkg:maven/com.liferay/com.liferay.site.memberships.web@5.0.10
purl	pkg:maven/com.liferay/com.liferay.site.memberships.web@5.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.site.memberships.web@5.0.10

aliases CVE-2022-28978, GHSA-7m65-hmvg-rxpc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shuw-qkwq-vygb

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.site.memberships.web@2.0.23

Package Instance