Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23

Type maven

Namespace com.liferay.portal

Name release.dxp.bom

Version 7.1.10.fp23

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.1.10.fp25

Latest_non_vulnerable_version 2023.Q3.6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e42x-p4br-vyfj

vulnerability_id VCID-e42x-p4br-vyfj

summary

Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting (XSS) vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38269

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.39092
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38269

reference_url	https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url	https://github.com/liferay/liferay-portal

reference_url	https://github.com/liferay/liferay-portal/commit/0b28a0d0ca7592660c66c15aa14fe709b7c0c141
reference_id
reference_type
scores
url	https://github.com/liferay/liferay-portal/commit/0b28a0d0ca7592660c66c15aa14fe709b7c0c141

reference_url	https://liferay.atlassian.net/browse/LPE-17203
reference_id
reference_type
scores
url	https://liferay.atlassian.net/browse/LPE-17203

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-38269
reference_id	CVE-2021-38269
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-38269

reference_url

https://github.com/advisories/GHSA-vw6g-gh6c-8qwp

reference_id

GHSA-vw6g-gh6c-8qwp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vw6g-gh6c-8qwp

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13

url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37hd-5qb8-7kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2

aliases CVE-2021-38269, GHSA-vw6g-gh6c-8qwp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e42x-p4br-vyfj

url VCID-f4pp-shhv-xuh5

vulnerability_id VCID-f4pp-shhv-xuh5

summary

references

reference_url	http://liferay.com
reference_id
reference_type
scores
url	http://liferay.com

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29049

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51404
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29049

reference_url	https://issues.liferay.com/browse/LPE-17211
reference_id
reference_type
scores
url	https://issues.liferay.com/browse/LPE-17211

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-29049
reference_id	CVE-2021-29049
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-29049

reference_url

https://github.com/advisories/GHSA-w28v-87g6-cjr6

reference_id

GHSA-w28v-87g6-cjr6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w28v-87g6-cjr6

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12

url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m73x-s3s9-v3fg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1

aliases CVE-2021-29049, GHSA-w28v-87g6-cjr6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4pp-shhv-xuh5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23

Package Instance