Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.0
Type maven
Namespace com.liferay.portal
Name release.dxp.bom
Version 7.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.4.13.u93
Latest_non_vulnerable_version 7.4.13.u93
Affected_by_vulnerabilities
0
url VCID-17tm-rzgk-qfas
vulnerability_id VCID-17tm-rzgk-qfas
summary
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33328
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35015
published_at 2026-06-07T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35052
published_at 2026-06-06T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35038
published_at 2026-06-05T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.34978
published_at 2026-06-08T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.34942
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33328
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17100
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17100
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33328
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33328
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972
5
reference_url https://github.com/advisories/GHSA-vpvm-3wfw-5f5c
reference_id GHSA-vpvm-3wfw-5f5c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpvm-3wfw-5f5c
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33328, GHSA-vpvm-3wfw-5f5c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17tm-rzgk-qfas
1
url VCID-1h16-mptk-gke7
vulnerability_id VCID-1h16-mptk-gke7
summary
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29043
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42502
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42586
published_at 2026-06-06T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42575
published_at 2026-06-05T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42524
published_at 2026-06-08T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42559
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29043
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29043
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29043
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
5
reference_url https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
6
reference_url https://github.com/advisories/GHSA-xx2h-2hf5-v7vv
reference_id GHSA-xx2h-2hf5-v7vv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx2h-2hf5-v7vv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29043, GHSA-xx2h-2hf5-v7vv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h16-mptk-gke7
2
url VCID-2dc6-guhs-juhy
vulnerability_id VCID-2dc6-guhs-juhy
summary
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33334
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.2393
published_at 2026-06-07T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23982
published_at 2026-06-06T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23999
published_at 2026-06-05T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23873
published_at 2026-06-08T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23903
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33334
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17039
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17039
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33334
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33334
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332
5
reference_url https://github.com/advisories/GHSA-g37f-j8hh-736f
reference_id GHSA-g37f-j8hh-736f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g37f-j8hh-736f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2021-33334, GHSA-g37f-j8hh-736f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dc6-guhs-juhy
3
url VCID-5vyh-n1sc-sydy
vulnerability_id VCID-5vyh-n1sc-sydy
summary
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
A Cross-site scripting (XSS) vulnerability in the Announcements module before 6.0.11 from Liferay Portal (7.1.0 through 7.4.2), and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42110
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.65206
published_at 2026-06-07T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.65217
published_at 2026-06-06T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.65207
published_at 2026-06-05T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.65195
published_at 2026-06-08T12:55:00Z
4
value 0.00475
scoring_system epss
scoring_elements 0.65164
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42110
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/99b1c4752cd06e6681d7aa9c3b0f58154f434060
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/99b1c4752cd06e6681d7aa9c3b0f58154f434060
3
reference_url https://issues.liferay.com/browse/LPE-17403
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:52:12Z/
url https://issues.liferay.com/browse/LPE-17403
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42110?p_r_p_assetEntryId=121612856&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612856%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42110?p_r_p_assetEntryId=121612856&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612856%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42110
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42110
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110
reference_id cve-2022-42110
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:52:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110
7
reference_url https://github.com/advisories/GHSA-2qwm-9mg5-jwq8
reference_id GHSA-2qwm-9mg5-jwq8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qwm-9mg5-jwq8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xe2v-j69t-d3h3
18
vulnerability VCID-xu7c-vz69-duhp
19
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2022-42110, GHSA-2qwm-9mg5-jwq8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vyh-n1sc-sydy
4
url VCID-67kh-3nge-vfhg
vulnerability_id VCID-67kh-3nge-vfhg
summary
Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page before 5.0.15 in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26596
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45868
published_at 2026-06-04T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45941
published_at 2026-06-06T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45937
published_at 2026-06-05T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45894
published_at 2026-06-08T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.4592
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26596
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/c61976fc867f3add8eb429b99380e91f021f9313
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c61976fc867f3add8eb429b99380e91f021f9313
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26596-stored-xss-with-template-name?p_r_p_assetEntryId=121612108&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612108%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26596-stored-xss-with-template-name?p_r_p_assetEntryId=121612108&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612108%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26596
reference_id CVE-2022-26596
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26596
6
reference_url https://github.com/advisories/GHSA-w7f2-6896-6mm2
reference_id GHSA-w7f2-6896-6mm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7f2-6896-6mm2
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-6r32-cn35-sqcb
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7gqd-78yq-r3be
9
vulnerability VCID-7zhe-ztqw-gkhh
10
vulnerability VCID-8jv6-163j-a7b2
11
vulnerability VCID-9471-umbz-pucy
12
vulnerability VCID-a7z8-2fzy-2qee
13
vulnerability VCID-a93n-jcyj-s7cb
14
vulnerability VCID-afe9-yqy2-8bdb
15
vulnerability VCID-b7h9-cxkj-hkc8
16
vulnerability VCID-cj4m-mvzh-ckh4
17
vulnerability VCID-d7nb-6hvn-cueh
18
vulnerability VCID-e5c7-wsvb-dyfm
19
vulnerability VCID-e5h2-wvws-3yhq
20
vulnerability VCID-eaks-bevz-uuc8
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-ebzh-bpks-5qe2
23
vulnerability VCID-euw1-6mk1-n3he
24
vulnerability VCID-f9dw-g5c2-jba1
25
vulnerability VCID-fxtu-zgpf-cbhs
26
vulnerability VCID-ggs5-4zac-vqa7
27
vulnerability VCID-gp4p-wthk-k3hf
28
vulnerability VCID-gz3a-m337-s7dn
29
vulnerability VCID-h261-uqtv-yfek
30
vulnerability VCID-hrnu-4t2j-9qba
31
vulnerability VCID-hw1d-gdcv-vkec
32
vulnerability VCID-jarq-qchk-nkc1
33
vulnerability VCID-jkje-ckr9-6ffp
34
vulnerability VCID-k6d6-hyep-pbac
35
vulnerability VCID-k9yt-aj7x-3bht
36
vulnerability VCID-menx-yu2z-xkeh
37
vulnerability VCID-n6qs-hded-rydp
38
vulnerability VCID-p4nc-ucxy-sydb
39
vulnerability VCID-p9am-1rhf-6bh2
40
vulnerability VCID-qar1-pfr5-ekfm
41
vulnerability VCID-rtqu-78p2-buej
42
vulnerability VCID-t51p-askk-pfcx
43
vulnerability VCID-uug8-ap5n-r3g2
44
vulnerability VCID-vsg8-h11j-63ge
45
vulnerability VCID-x7ny-9pvm-77eh
46
vulnerability VCID-xe2v-j69t-d3h3
47
vulnerability VCID-xu7c-vz69-duhp
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
aliases CVE-2022-26596, GHSA-w7f2-6896-6mm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67kh-3nge-vfhg
5
url VCID-68kz-zfvf-7ucw
vulnerability_id VCID-68kz-zfvf-7ucw
summary
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs
The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33338
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28973
published_at 2026-06-08T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29006
published_at 2026-06-07T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29007
published_at 2026-06-04T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29043
published_at 2026-06-06T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29076
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33338
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17030
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17030
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33338
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33338
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276
5
reference_url https://github.com/advisories/GHSA-4frg-rpx6-96qh
reference_id GHSA-4frg-rpx6-96qh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4frg-rpx6-96qh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2021-33338, GHSA-4frg-rpx6-96qh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68kz-zfvf-7ucw
6
url VCID-6r32-cn35-sqcb
vulnerability_id VCID-6r32-cn35-sqcb
summary
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module
Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu versions 5.0.6 to before 5.0.54, in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33337
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49487
published_at 2026-06-07T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49504
published_at 2026-06-06T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49493
published_at 2026-06-05T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49459
published_at 2026-06-08T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.4943
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33337
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/432e9eb911d11ff40e1db652690586e496940633
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/432e9eb911d11ff40e1db652690586e496940633
3
reference_url https://issues.liferay.com/browse/LPE-17101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17101
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2021-33337
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2021-33337
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33337
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33337
6
reference_url https://github.com/advisories/GHSA-v88g-7fx4-9q7f
reference_id GHSA-v88g-7fx4-9q7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v88g-7fx4-9q7f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33337, GHSA-v88g-7fx4-9q7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6r32-cn35-sqcb
7
url VCID-7zhe-ztqw-gkhh
vulnerability_id VCID-7zhe-ztqw-gkhh
summary
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting (XSS) vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38269
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39143
published_at 2026-06-07T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39171
published_at 2026-06-06T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39165
published_at 2026-06-05T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39115
published_at 2026-06-08T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39077
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38269
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/0b28a0d0ca7592660c66c15aa14fe709b7c0c141
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0b28a0d0ca7592660c66c15aa14fe709b7c0c141
3
reference_url https://liferay.atlassian.net/browse/LPE-17203
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17203
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38269-stored-xss-with-gogo-shell-output?p_r_p_assetEntryId=121611883&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611883%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38269-stored-xss-with-gogo-shell-output?p_r_p_assetEntryId=121611883&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611883%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38269
reference_id CVE-2021-38269
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38269
6
reference_url https://github.com/advisories/GHSA-vw6g-gh6c-8qwp
reference_id GHSA-vw6g-gh6c-8qwp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vw6g-gh6c-8qwp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-afe9-yqy2-8bdb
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-f9dw-g5c2-jba1
14
vulnerability VCID-fxtu-zgpf-cbhs
15
vulnerability VCID-gp4p-wthk-k3hf
16
vulnerability VCID-jkje-ckr9-6ffp
17
vulnerability VCID-k9yt-aj7x-3bht
18
vulnerability VCID-n6qs-hded-rydp
19
vulnerability VCID-p4nc-ucxy-sydb
20
vulnerability VCID-rtqu-78p2-buej
21
vulnerability VCID-vsg8-h11j-63ge
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-b7h9-cxkj-hkc8
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-ebzh-bpks-5qe2
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-ggs5-4zac-vqa7
19
vulnerability VCID-gp4p-wthk-k3hf
20
vulnerability VCID-h261-uqtv-yfek
21
vulnerability VCID-hrnu-4t2j-9qba
22
vulnerability VCID-hw1d-gdcv-vkec
23
vulnerability VCID-jkje-ckr9-6ffp
24
vulnerability VCID-k9yt-aj7x-3bht
25
vulnerability VCID-menx-yu2z-xkeh
26
vulnerability VCID-n6qs-hded-rydp
27
vulnerability VCID-p4nc-ucxy-sydb
28
vulnerability VCID-p9am-1rhf-6bh2
29
vulnerability VCID-rtqu-78p2-buej
30
vulnerability VCID-vsg8-h11j-63ge
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xu7c-vz69-duhp
33
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-a7z8-2fzy-2qee
5
vulnerability VCID-b7h9-cxkj-hkc8
6
vulnerability VCID-c3ym-wtv5-hfhr
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-cxnv-25bg-rubj
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebzh-bpks-5qe2
12
vulnerability VCID-ef5k-bdxm-xfer
13
vulnerability VCID-euw1-6mk1-n3he
14
vulnerability VCID-ggs5-4zac-vqa7
15
vulnerability VCID-h261-uqtv-yfek
16
vulnerability VCID-hrnu-4t2j-9qba
17
vulnerability VCID-hw1d-gdcv-vkec
18
vulnerability VCID-j127-h1mf-nqam
19
vulnerability VCID-k7yh-fkj8-t3fx
20
vulnerability VCID-k9yt-aj7x-3bht
21
vulnerability VCID-menx-yu2z-xkeh
22
vulnerability VCID-p9am-1rhf-6bh2
23
vulnerability VCID-q7bs-639b-pken
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-tqvb-a46r-jbf8
26
vulnerability VCID-uu3m-ef36-jqg7
27
vulnerability VCID-xa5h-2khm-efgj
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
aliases CVE-2021-38269, GHSA-vw6g-gh6c-8qwp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zhe-ztqw-gkhh
8
url VCID-84qe-1wws-v3g6
vulnerability_id VCID-84qe-1wws-v3g6
summary
Liferay Portal and Liferay DXP fail to invalidate password reset tokens after use
In implementation for the portal services before 5.7.3 in Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33322
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45117
published_at 2026-06-06T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45069
published_at 2026-06-08T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.45097
published_at 2026-06-07T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.45113
published_at 2026-06-05T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.45044
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33322
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/8f072ee8527a1dd5c0ffa91c4a78641d0e666b95
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8f072ee8527a1dd5c0ffa91c4a78641d0e666b95
3
reference_url https://github.com/liferay/liferay-portal/commit/9fe453b34f58286a504d995be8ba50499adcf1b7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9fe453b34f58286a504d995be8ba50499adcf1b7
4
reference_url https://liferay.atlassian.net/browse/LPE-16981
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-16981
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33322-password-change-does-not-invalidate-password-reset-tokens?p_r_p_assetEntryId=121610648&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610648%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33322-password-change-does-not-invalidate-password-reset-tokens?p_r_p_assetEntryId=121610648&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610648%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33322
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33322
7
reference_url https://github.com/advisories/GHSA-vwj8-4grf-3r8v
reference_id GHSA-vwj8-4grf-3r8v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwj8-4grf-3r8v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33322, GHSA-vwj8-4grf-3r8v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84qe-1wws-v3g6
9
url VCID-a93n-jcyj-s7cb
vulnerability_id VCID-a93n-jcyj-s7cb
summary
Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29049
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51427
published_at 2026-06-04T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51494
published_at 2026-06-06T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51488
published_at 2026-06-05T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51439
published_at 2026-06-08T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51472
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29049
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://issues.liferay.com/browse/LPE-17211
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17211
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29049
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29049
5
reference_url https://github.com/advisories/GHSA-w28v-87g6-cjr6
reference_id GHSA-w28v-87g6-cjr6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w28v-87g6-cjr6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-afe9-yqy2-8bdb
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-f9dw-g5c2-jba1
14
vulnerability VCID-fxtu-zgpf-cbhs
15
vulnerability VCID-gp4p-wthk-k3hf
16
vulnerability VCID-jkje-ckr9-6ffp
17
vulnerability VCID-k9yt-aj7x-3bht
18
vulnerability VCID-n6qs-hded-rydp
19
vulnerability VCID-p4nc-ucxy-sydb
20
vulnerability VCID-rtqu-78p2-buej
21
vulnerability VCID-vsg8-h11j-63ge
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-b7h9-cxkj-hkc8
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ebzh-bpks-5qe2
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-f9dw-g5c2-jba1
18
vulnerability VCID-fxtu-zgpf-cbhs
19
vulnerability VCID-ggs5-4zac-vqa7
20
vulnerability VCID-gp4p-wthk-k3hf
21
vulnerability VCID-h261-uqtv-yfek
22
vulnerability VCID-hrnu-4t2j-9qba
23
vulnerability VCID-hw1d-gdcv-vkec
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-p9am-1rhf-6bh2
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-uug8-ap5n-r3g2
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-xe2v-j69t-d3h3
34
vulnerability VCID-xu7c-vz69-duhp
35
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29049, GHSA-w28v-87g6-cjr6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a93n-jcyj-s7cb
10
url VCID-c4kq-8dpb-bkc7
vulnerability_id VCID-c4kq-8dpb-bkc7
summary
Liferay Portal and Liferay DXP Fails to Sanitize API Data
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13444
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48437
published_at 2026-06-06T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48432
published_at 2026-06-05T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48389
published_at 2026-06-08T12:55:00Z
3
value 0.00249
scoring_system epss
scoring_elements 0.48369
published_at 2026-06-04T12:55:00Z
4
value 0.00249
scoring_system epss
scoring_elements 0.48418
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13444
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17009
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13444
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13444
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396
5
reference_url https://github.com/advisories/GHSA-8j5r-9687-88w5
reference_id GHSA-8j5r-9687-88w5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j5r-9687-88w5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2020-13444, GHSA-8j5r-9687-88w5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4kq-8dpb-bkc7
11
url VCID-f9dw-g5c2-jba1
vulnerability_id VCID-f9dw-g5c2-jba1
summary
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A cross-site scripting (XSS) vulnerability in the Portal Search module before 6.0.12 from Liferay Portal (7.1.0 through 7.4.2), and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42118
reference_id
reference_type
scores
0
value 0.13205
scoring_system epss
scoring_elements 0.94277
published_at 2026-06-06T12:55:00Z
1
value 0.13205
scoring_system epss
scoring_elements 0.94276
published_at 2026-06-05T12:55:00Z
2
value 0.13205
scoring_system epss
scoring_elements 0.94279
published_at 2026-06-07T12:55:00Z
3
value 0.13205
scoring_system epss
scoring_elements 0.94278
published_at 2026-06-08T12:55:00Z
4
value 0.13205
scoring_system epss
scoring_elements 0.94268
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42118
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445
4
reference_url https://issues.liferay.com/browse/LPE-17342
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url https://issues.liferay.com/browse/LPE-17342
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42118?p_r_p_assetEntryId=121613298&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613298%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42118?p_r_p_assetEntryId=121613298&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613298%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42118
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42118
7
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118
reference_id cve-2022-42118
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118
8
reference_url https://github.com/advisories/GHSA-mr77-4pm4-x9vm
reference_id GHSA-mr77-4pm4-x9vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr77-4pm4-x9vm
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xe2v-j69t-d3h3
18
vulnerability VCID-xu7c-vz69-duhp
19
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-9yw4-52sc-rbbz
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-fxtu-zgpf-cbhs
16
vulnerability VCID-ggs5-4zac-vqa7
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-h261-uqtv-yfek
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-menx-yu2z-xkeh
21
vulnerability VCID-n6qs-hded-rydp
22
vulnerability VCID-p4nc-ucxy-sydb
23
vulnerability VCID-p9am-1rhf-6bh2
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-vsg8-h11j-63ge
26
vulnerability VCID-xe2v-j69t-d3h3
27
vulnerability VCID-xu7c-vz69-duhp
28
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2022-42118, GHSA-mr77-4pm4-x9vm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9dw-g5c2-jba1
12
url VCID-gp4p-wthk-k3hf
vulnerability_id VCID-gp4p-wthk-k3hf
summary
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
A SQL injection vulnerability in the Layout module before 4.0.17 from Liferay Portal (7.1.3 through 7.4.3.4), and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42121
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.70037
published_at 2026-06-06T12:55:00Z
1
value 0.00605
scoring_system epss
scoring_elements 0.70028
published_at 2026-06-05T12:55:00Z
2
value 0.00605
scoring_system epss
scoring_elements 0.70012
published_at 2026-06-08T12:55:00Z
3
value 0.00605
scoring_system epss
scoring_elements 0.70024
published_at 2026-06-07T12:55:00Z
4
value 0.00605
scoring_system epss
scoring_elements 0.69987
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42121
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/14c8fbbac814c0b511b4f3ade19eafb2182923c7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/14c8fbbac814c0b511b4f3ade19eafb2182923c7
4
reference_url https://github.com/liferay/liferay-portal/commit/5a17acb714c57e36695b7caff8e6a2789e2cf9d0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5a17acb714c57e36695b7caff8e6a2789e2cf9d0
5
reference_url https://github.com/liferay/liferay-portal/commit/82de94e9f3a4425e3ee6c187462d670ae9bfef51
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/82de94e9f3a4425e3ee6c187462d670ae9bfef51
6
reference_url https://github.com/liferay/liferay-portal/commit/f245f4b428186c8e5964a9ffe90ccc7e12cf7f66
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f245f4b428186c8e5964a9ffe90ccc7e12cf7f66
7
reference_url https://issues.liferay.com/browse/LPE-17414
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url https://issues.liferay.com/browse/LPE-17414
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42121?p_r_p_assetEntryId=121613426&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613426%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42121?p_r_p_assetEntryId=121613426&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613426%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42121
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42121
10
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42121
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42121
11
reference_url https://github.com/advisories/GHSA-gxxj-fhmr-37j9
reference_id GHSA-gxxj-fhmr-37j9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-fhmr-37j9
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xe2v-j69t-d3h3
18
vulnerability VCID-xu7c-vz69-duhp
19
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2022-42121, GHSA-gxxj-fhmr-37j9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gp4p-wthk-k3hf
13
url VCID-gv7c-qump-nyds
vulnerability_id VCID-gv7c-qump-nyds
summary
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext
In the Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, users' clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33325
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.3092
published_at 2026-06-08T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.30952
published_at 2026-06-07T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.30953
published_at 2026-06-04T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.30987
published_at 2026-06-06T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31019
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33325
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17042
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17042
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33325
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33325
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748389
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748389
5
reference_url https://github.com/advisories/GHSA-6c88-gvxw-f5hg
reference_id GHSA-6c88-gvxw-f5hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6c88-gvxw-f5hg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2021-33325, GHSA-6c88-gvxw-f5hg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv7c-qump-nyds
14
url VCID-gz3a-m337-s7dn
vulnerability_id VCID-gz3a-m337-s7dn
summary
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29044
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.65127
published_at 2026-06-04T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.6518
published_at 2026-06-06T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.65169
published_at 2026-06-05T12:55:00Z
3
value 0.00474
scoring_system epss
scoring_elements 0.65156
published_at 2026-06-08T12:55:00Z
4
value 0.00474
scoring_system epss
scoring_elements 0.65168
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29044
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29044
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29044
4
reference_url https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548
5
reference_url https://github.com/advisories/GHSA-wcr5-3q96-c2gr
reference_id GHSA-wcr5-3q96-c2gr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wcr5-3q96-c2gr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29044, GHSA-wcr5-3q96-c2gr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gz3a-m337-s7dn
15
url VCID-jarq-qchk-nkc1
vulnerability_id VCID-jarq-qchk-nkc1
summary
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module
Cross-site scripting (XSS) vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33326
reference_id
reference_type
scores
0
value 0.00418
scoring_system epss
scoring_elements 0.62174
published_at 2026-06-07T12:55:00Z
1
value 0.00418
scoring_system epss
scoring_elements 0.62184
published_at 2026-06-06T12:55:00Z
2
value 0.00418
scoring_system epss
scoring_elements 0.62176
published_at 2026-06-05T12:55:00Z
3
value 0.00418
scoring_system epss
scoring_elements 0.62158
published_at 2026-06-08T12:55:00Z
4
value 0.00418
scoring_system epss
scoring_elements 0.62127
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33326
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/eb0590cea2d899f9e95bdb2e767466b8444aa573
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eb0590cea2d899f9e95bdb2e767466b8444aa573
3
reference_url https://issues.liferay.com/browse/LPE-17093
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17093
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33326-xss-with-the-title-of-a-modal-window?p_r_p_assetEntryId=121610771&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610771%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33326-xss-with-the-title-of-a-modal-window?p_r_p_assetEntryId=121610771&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610771%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33326
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33326
6
reference_url https://github.com/advisories/GHSA-hgjv-7wjr-qwqp
reference_id GHSA-hgjv-7wjr-qwqp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgjv-7wjr-qwqp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33326, GHSA-hgjv-7wjr-qwqp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jarq-qchk-nkc1
16
url VCID-jkje-ckr9-6ffp
vulnerability_id VCID-jkje-ckr9-6ffp
summary
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal (7.0.1 through 7.4.1), and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via a user's name.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30485
published_at 2026-06-06T12:55:00Z
1
value 0.0012
scoring_system epss
scoring_elements 0.30518
published_at 2026-06-05T12:55:00Z
2
value 0.0012
scoring_system epss
scoring_elements 0.30455
published_at 2026-06-07T12:55:00Z
3
value 0.0012
scoring_system epss
scoring_elements 0.30422
published_at 2026-06-08T12:55:00Z
4
value 0.0012
scoring_system epss
scoring_elements 0.30446
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
4
reference_url https://liferay.atlassian.net/browse/LPE-17332
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17332
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
7
reference_url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
9
reference_url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
reference_id GHSA-7m65-hmvg-rxpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebmm-3qj1-8uec
11
vulnerability VCID-euw1-6mk1-n3he
12
vulnerability VCID-f9dw-g5c2-jba1
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-gp4p-wthk-k3hf
15
vulnerability VCID-k9yt-aj7x-3bht
16
vulnerability VCID-n6qs-hded-rydp
17
vulnerability VCID-p4nc-ucxy-sydb
18
vulnerability VCID-rtqu-78p2-buej
19
vulnerability VCID-vsg8-h11j-63ge
20
vulnerability VCID-xe2v-j69t-d3h3
21
vulnerability VCID-xu7c-vz69-duhp
22
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-9yw4-52sc-rbbz
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-fxtu-zgpf-cbhs
16
vulnerability VCID-ggs5-4zac-vqa7
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-h261-uqtv-yfek
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-menx-yu2z-xkeh
21
vulnerability VCID-n6qs-hded-rydp
22
vulnerability VCID-p4nc-ucxy-sydb
23
vulnerability VCID-p9am-1rhf-6bh2
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-vsg8-h11j-63ge
26
vulnerability VCID-xe2v-j69t-d3h3
27
vulnerability VCID-xu7c-vz69-duhp
28
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2022-28978, GHSA-7m65-hmvg-rxpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkje-ckr9-6ffp
17
url VCID-jr2w-84ez-3kg2
vulnerability_id VCID-jr2w-84ez-3kg2
summary
Liferay Portal and Liferay DXP autosaves form data for other users to see
The Dynamic Data Mapping module in Dynamic Data Mapping Form Web before 3.0.23 in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33323
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.62139
published_at 2026-06-07T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.6215
published_at 2026-06-06T12:55:00Z
2
value 0.00417
scoring_system epss
scoring_elements 0.62142
published_at 2026-06-05T12:55:00Z
3
value 0.00417
scoring_system epss
scoring_elements 0.62123
published_at 2026-06-08T12:55:00Z
4
value 0.00417
scoring_system epss
scoring_elements 0.62094
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33323
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17049
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17049
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33323
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107
5
reference_url https://github.com/advisories/GHSA-fxpf-jr2q-vpvv
reference_id GHSA-fxpf-jr2q-vpvv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxpf-jr2q-vpvv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2021-33323, GHSA-fxpf-jr2q-vpvv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr2w-84ez-3kg2
18
url VCID-k1u8-ur3y-zucd
vulnerability_id VCID-k1u8-ur3y-zucd
summary
Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56121
published_at 2026-06-06T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56115
published_at 2026-06-05T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.5606
published_at 2026-06-04T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.5609
published_at 2026-06-08T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.56107
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
4
reference_url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
5
reference_url https://issues.liferay.com/browse/LPE-17438
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://issues.liferay.com/browse/LPE-17438
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
8
reference_url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
9
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id cve-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
10
reference_url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
reference_id GHSA-f43m-hhj4-q3jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xe2v-j69t-d3h3
18
vulnerability VCID-xu7c-vz69-duhp
19
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2022-42132, GHSA-f43m-hhj4-q3jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1u8-ur3y-zucd
19
url VCID-k29y-9nww-cuh6
vulnerability_id VCID-k29y-9nww-cuh6
summary
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33332
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34738
published_at 2026-06-07T12:55:00Z
1
value 0.00146
scoring_system epss
scoring_elements 0.34704
published_at 2026-06-08T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47832
published_at 2026-06-04T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47899
published_at 2026-06-06T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47895
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33332
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17053
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17053
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33332
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33332
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366
5
reference_url https://github.com/advisories/GHSA-9995-qvcg-x7g6
reference_id GHSA-9995-qvcg-x7g6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9995-qvcg-x7g6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2021-33332, GHSA-9995-qvcg-x7g6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k29y-9nww-cuh6
20
url VCID-k6d6-hyep-pbac
vulnerability_id VCID-k6d6-hyep-pbac
summary
Liferay Portal and Liferay DXP have incorrect default permissions for site members
The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30435
published_at 2026-06-07T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30465
published_at 2026-06-06T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30498
published_at 2026-06-05T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30403
published_at 2026-06-08T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30425
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
3
reference_url https://liferay.atlassian.net/browse/LPE-17150
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17150
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
reference_id CVE-2021-38268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
6
reference_url https://github.com/advisories/GHSA-f855-2rvm-5j7h
reference_id GHSA-f855-2rvm-5j7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f855-2rvm-5j7h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-a7z8-2fzy-2qee
5
vulnerability VCID-b7h9-cxkj-hkc8
6
vulnerability VCID-c3ym-wtv5-hfhr
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-cxnv-25bg-rubj
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebzh-bpks-5qe2
12
vulnerability VCID-ef5k-bdxm-xfer
13
vulnerability VCID-euw1-6mk1-n3he
14
vulnerability VCID-ggs5-4zac-vqa7
15
vulnerability VCID-h261-uqtv-yfek
16
vulnerability VCID-hrnu-4t2j-9qba
17
vulnerability VCID-hw1d-gdcv-vkec
18
vulnerability VCID-j127-h1mf-nqam
19
vulnerability VCID-k7yh-fkj8-t3fx
20
vulnerability VCID-k9yt-aj7x-3bht
21
vulnerability VCID-menx-yu2z-xkeh
22
vulnerability VCID-p9am-1rhf-6bh2
23
vulnerability VCID-q7bs-639b-pken
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-tqvb-a46r-jbf8
26
vulnerability VCID-uu3m-ef36-jqg7
27
vulnerability VCID-xa5h-2khm-efgj
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
aliases CVE-2021-38268, GHSA-f855-2rvm-5j7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d6-hyep-pbac
21
url VCID-m1tw-29pq-h3gw
vulnerability_id VCID-m1tw-29pq-h3gw
summary
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, do not safely test a connection to an LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15841
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56838
published_at 2026-06-05T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56818
published_at 2026-06-08T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.56787
published_at 2026-06-04T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.56833
published_at 2026-06-07T12:55:00Z
4
value 0.00337
scoring_system epss
scoring_elements 0.56845
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15841
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-16928
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-16928
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15841
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15841
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439
5
reference_url https://github.com/advisories/GHSA-773f-f929-qgjj
reference_id GHSA-773f-f929-qgjj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-773f-f929-qgjj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-84qe-1wws-v3g6
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-c4kq-8dpb-bkc7
19
vulnerability VCID-cj4m-mvzh-ckh4
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-euw1-6mk1-n3he
24
vulnerability VCID-f9dw-g5c2-jba1
25
vulnerability VCID-fxtu-zgpf-cbhs
26
vulnerability VCID-gp4p-wthk-k3hf
27
vulnerability VCID-gv7c-qump-nyds
28
vulnerability VCID-gz3a-m337-s7dn
29
vulnerability VCID-jarq-qchk-nkc1
30
vulnerability VCID-jkje-ckr9-6ffp
31
vulnerability VCID-jr2w-84ez-3kg2
32
vulnerability VCID-k29y-9nww-cuh6
33
vulnerability VCID-k6d6-hyep-pbac
34
vulnerability VCID-k9yt-aj7x-3bht
35
vulnerability VCID-n6qs-hded-rydp
36
vulnerability VCID-p4nc-ucxy-sydb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vrqa-ggse-wqhn
42
vulnerability VCID-vsg8-h11j-63ge
43
vulnerability VCID-x13m-kscr-nkbf
44
vulnerability VCID-x7ny-9pvm-77eh
45
vulnerability VCID-x93k-k3f7-y3hk
46
vulnerability VCID-xe2v-j69t-d3h3
47
vulnerability VCID-xu7c-vz69-duhp
48
vulnerability VCID-yq5x-4eyq-m7ba
49
vulnerability VCID-yump-6eg9-9yeq
50
vulnerability VCID-zc36-wq6m-4bbn
51
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-6yj4-11z6-pfhx
11
vulnerability VCID-7f43-u96s-qyeq
12
vulnerability VCID-7gqd-78yq-r3be
13
vulnerability VCID-7zhe-ztqw-gkhh
14
vulnerability VCID-84qe-1wws-v3g6
15
vulnerability VCID-8jv6-163j-a7b2
16
vulnerability VCID-9471-umbz-pucy
17
vulnerability VCID-a7z8-2fzy-2qee
18
vulnerability VCID-a93n-jcyj-s7cb
19
vulnerability VCID-b7h9-cxkj-hkc8
20
vulnerability VCID-c4kq-8dpb-bkc7
21
vulnerability VCID-cj4m-mvzh-ckh4
22
vulnerability VCID-d7nb-6hvn-cueh
23
vulnerability VCID-e5c7-wsvb-dyfm
24
vulnerability VCID-e5h2-wvws-3yhq
25
vulnerability VCID-eaks-bevz-uuc8
26
vulnerability VCID-ebmm-3qj1-8uec
27
vulnerability VCID-ebzh-bpks-5qe2
28
vulnerability VCID-euw1-6mk1-n3he
29
vulnerability VCID-f9dw-g5c2-jba1
30
vulnerability VCID-fxtu-zgpf-cbhs
31
vulnerability VCID-ggs5-4zac-vqa7
32
vulnerability VCID-gp4p-wthk-k3hf
33
vulnerability VCID-gv7c-qump-nyds
34
vulnerability VCID-gz3a-m337-s7dn
35
vulnerability VCID-h261-uqtv-yfek
36
vulnerability VCID-hrnu-4t2j-9qba
37
vulnerability VCID-hw1d-gdcv-vkec
38
vulnerability VCID-jarq-qchk-nkc1
39
vulnerability VCID-jkje-ckr9-6ffp
40
vulnerability VCID-jr2w-84ez-3kg2
41
vulnerability VCID-k29y-9nww-cuh6
42
vulnerability VCID-k6d6-hyep-pbac
43
vulnerability VCID-k9yt-aj7x-3bht
44
vulnerability VCID-menx-yu2z-xkeh
45
vulnerability VCID-n6qs-hded-rydp
46
vulnerability VCID-p4nc-ucxy-sydb
47
vulnerability VCID-p7s6-d63y-4ffb
48
vulnerability VCID-p9am-1rhf-6bh2
49
vulnerability VCID-qar1-pfr5-ekfm
50
vulnerability VCID-rtqu-78p2-buej
51
vulnerability VCID-sn9p-y571-ffej
52
vulnerability VCID-t51p-askk-pfcx
53
vulnerability VCID-ub82-jbgf-mfb8
54
vulnerability VCID-uug8-ap5n-r3g2
55
vulnerability VCID-vrqa-ggse-wqhn
56
vulnerability VCID-vsg8-h11j-63ge
57
vulnerability VCID-wwhx-5znm-nyea
58
vulnerability VCID-x13m-kscr-nkbf
59
vulnerability VCID-x7ny-9pvm-77eh
60
vulnerability VCID-xe2v-j69t-d3h3
61
vulnerability VCID-xu7c-vz69-duhp
62
vulnerability VCID-yq5x-4eyq-m7ba
63
vulnerability VCID-yump-6eg9-9yeq
64
vulnerability VCID-zc36-wq6m-4bbn
65
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp4
aliases CVE-2020-15841, GHSA-773f-f929-qgjj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1tw-29pq-h3gw
22
url VCID-q23w-uet7-w7fz
vulnerability_id VCID-q23w-uet7-w7fz
summary
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module
Search Web before v6.0.19 in Liferay Portal (v7.1.0 through v7.4.2) and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28979
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53716
published_at 2026-06-06T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53707
published_at 2026-06-05T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53703
published_at 2026-06-07T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.5368
published_at 2026-06-08T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53648
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28979
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/e18065248673c77927f4839439aa200bfb965ced
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e18065248673c77927f4839439aa200bfb965ced
4
reference_url https://issues.liferay.com/browse/LPE-17381
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/
url https://issues.liferay.com/browse/LPE-17381
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28979-xss-in-custom-facet-widget?p_r_p_assetEntryId=121612377&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612377%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28979-xss-in-custom-facet-widget?p_r_p_assetEntryId=121612377&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612377%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28979
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28979
7
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget
8
reference_url https://github.com/advisories/GHSA-7r3w-wggm-pjwf
reference_id GHSA-7r3w-wggm-pjwf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r3w-wggm-pjwf
fixed_packages
aliases CVE-2022-28979, GHSA-7r3w-wggm-pjwf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q23w-uet7-w7fz
23
url VCID-qar1-pfr5-ekfm
vulnerability_id VCID-qar1-pfr5-ekfm
summary
Liferay Portal and Liferay DXP Reveal Data via Overly Verbose Error Messages
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20, and 7.2 before fix pack 10, may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch other, more focused attacks via crafted inputs.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29040
reference_id
reference_type
scores
0
value 0.00402
scoring_system epss
scoring_elements 0.61152
published_at 2026-06-04T12:55:00Z
1
value 0.00402
scoring_system epss
scoring_elements 0.61209
published_at 2026-06-06T12:55:00Z
2
value 0.00402
scoring_system epss
scoring_elements 0.61201
published_at 2026-06-05T12:55:00Z
3
value 0.00402
scoring_system epss
scoring_elements 0.61178
published_at 2026-06-08T12:55:00Z
4
value 0.00402
scoring_system epss
scoring_elements 0.61195
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29040
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29040
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29040
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
5
reference_url https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
6
reference_url https://github.com/advisories/GHSA-87x7-pwrx-jch7
reference_id GHSA-87x7-pwrx-jch7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87x7-pwrx-jch7
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
aliases CVE-2021-29040, GHSA-87x7-pwrx-jch7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qar1-pfr5-ekfm
24
url VCID-sn9p-y571-ffej
vulnerability_id VCID-sn9p-y571-ffej
summary
Liferay Portal and Liferay DXP Bypass via Double Encoded URL
In Liferay Portal before 7.3.1, com.liferay.portal:com.liferay.portal.impl before 7.1.3 and 7.4.0, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15840
reference_id
reference_type
scores
0
value 0.00194
scoring_system epss
scoring_elements 0.41192
published_at 2026-06-07T12:55:00Z
1
value 0.00194
scoring_system epss
scoring_elements 0.41222
published_at 2026-06-06T12:55:00Z
2
value 0.00194
scoring_system epss
scoring_elements 0.41218
published_at 2026-06-05T12:55:00Z
3
value 0.00194
scoring_system epss
scoring_elements 0.41162
published_at 2026-06-08T12:55:00Z
4
value 0.00194
scoring_system epss
scoring_elements 0.41143
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15840
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17046
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17046
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15840
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15840
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204
6
reference_url https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538
7
reference_url https://github.com/advisories/GHSA-vrwx-q9pj-x488
reference_id GHSA-vrwx-q9pj-x488
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrwx-q9pj-x488
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2020-15840, GHSA-vrwx-q9pj-x488
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sn9p-y571-ffej
25
url VCID-t51p-askk-pfcx
vulnerability_id VCID-t51p-askk-pfcx
summary
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33335
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70803
published_at 2026-06-07T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70821
published_at 2026-06-06T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70814
published_at 2026-06-05T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70791
published_at 2026-06-08T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70772
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33335
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17103
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17103
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33335
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33335
4
reference_url https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906
5
reference_url https://github.com/advisories/GHSA-5gh9-g62h-f35m
reference_id GHSA-5gh9-g62h-f35m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gh9-g62h-f35m
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33335, GHSA-5gh9-g62h-f35m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t51p-askk-pfcx
26
url VCID-vrqa-ggse-wqhn
vulnerability_id VCID-vrqa-ggse-wqhn
summary
Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13445
reference_id
reference_type
scores
0
value 0.0371
scoring_system epss
scoring_elements 0.88176
published_at 2026-06-04T12:55:00Z
1
value 0.0371
scoring_system epss
scoring_elements 0.88199
published_at 2026-06-08T12:55:00Z
2
value 0.0371
scoring_system epss
scoring_elements 0.882
published_at 2026-06-06T12:55:00Z
3
value 0.0371
scoring_system epss
scoring_elements 0.88196
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13445
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17023
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17023
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13445
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13445
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411
5
reference_url https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce
6
reference_url https://github.com/advisories/GHSA-v377-8f8f-532h
reference_id GHSA-v377-8f8f-532h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v377-8f8f-532h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2020-13445, GHSA-v377-8f8f-532h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrqa-ggse-wqhn
27
url VCID-wwhx-5znm-nyea
vulnerability_id VCID-wwhx-5znm-nyea
summary
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15842
reference_id
reference_type
scores
0
value 0.0057
scoring_system epss
scoring_elements 0.69011
published_at 2026-06-06T12:55:00Z
1
value 0.0057
scoring_system epss
scoring_elements 0.69002
published_at 2026-06-05T12:55:00Z
2
value 0.0057
scoring_system epss
scoring_elements 0.68989
published_at 2026-06-08T12:55:00Z
3
value 0.0057
scoring_system epss
scoring_elements 0.68963
published_at 2026-06-04T12:55:00Z
4
value 0.0057
scoring_system epss
scoring_elements 0.69005
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15842
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-16963
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-16963
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15842
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15842
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427
5
reference_url https://github.com/advisories/GHSA-mg3r-9jh8-33r9
reference_id GHSA-mg3r-9jh8-33r9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg3r-9jh8-33r9
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-84qe-1wws-v3g6
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-c4kq-8dpb-bkc7
19
vulnerability VCID-cj4m-mvzh-ckh4
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-euw1-6mk1-n3he
24
vulnerability VCID-f9dw-g5c2-jba1
25
vulnerability VCID-fxtu-zgpf-cbhs
26
vulnerability VCID-gp4p-wthk-k3hf
27
vulnerability VCID-gv7c-qump-nyds
28
vulnerability VCID-gz3a-m337-s7dn
29
vulnerability VCID-jarq-qchk-nkc1
30
vulnerability VCID-jkje-ckr9-6ffp
31
vulnerability VCID-jr2w-84ez-3kg2
32
vulnerability VCID-k29y-9nww-cuh6
33
vulnerability VCID-k6d6-hyep-pbac
34
vulnerability VCID-k9yt-aj7x-3bht
35
vulnerability VCID-n6qs-hded-rydp
36
vulnerability VCID-p4nc-ucxy-sydb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vrqa-ggse-wqhn
42
vulnerability VCID-vsg8-h11j-63ge
43
vulnerability VCID-x13m-kscr-nkbf
44
vulnerability VCID-x7ny-9pvm-77eh
45
vulnerability VCID-x93k-k3f7-y3hk
46
vulnerability VCID-xe2v-j69t-d3h3
47
vulnerability VCID-xu7c-vz69-duhp
48
vulnerability VCID-yq5x-4eyq-m7ba
49
vulnerability VCID-yump-6eg9-9yeq
50
vulnerability VCID-zc36-wq6m-4bbn
51
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2020-15842, GHSA-mg3r-9jh8-33r9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhx-5znm-nyea
28
url VCID-x13m-kscr-nkbf
vulnerability_id VCID-x13m-kscr-nkbf
summary
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
The Flags module before version 5.0.11 in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60528
published_at 2026-06-08T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60544
published_at 2026-06-07T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60502
published_at 2026-06-04T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.60556
published_at 2026-06-06T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.6055
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17007
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
5
reference_url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
reference_id GHSA-wg4x-hf94-fj5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33320, GHSA-wg4x-hf94-fj5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x13m-kscr-nkbf
29
url VCID-x93k-k3f7-y3hk
vulnerability_id VCID-x93k-k3f7-y3hk
summary
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33336
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.3761
published_at 2026-06-07T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37641
published_at 2026-06-06T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37637
published_at 2026-06-05T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37571
published_at 2026-06-08T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37546
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33336
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17078
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17078
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33336
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33336
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33336-stored-xss-with-structure-name
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33336-stored-xss-with-structure-name
5
reference_url https://github.com/advisories/GHSA-fvg6-9r88-7w85
reference_id GHSA-fvg6-9r88-7w85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvg6-9r88-7w85
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-cj4m-mvzh-ckh4
18
vulnerability VCID-d7nb-6hvn-cueh
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-eaks-bevz-uuc8
22
vulnerability VCID-ebmm-3qj1-8uec
23
vulnerability VCID-ebzh-bpks-5qe2
24
vulnerability VCID-euw1-6mk1-n3he
25
vulnerability VCID-f9dw-g5c2-jba1
26
vulnerability VCID-fxtu-zgpf-cbhs
27
vulnerability VCID-ggs5-4zac-vqa7
28
vulnerability VCID-gp4p-wthk-k3hf
29
vulnerability VCID-gz3a-m337-s7dn
30
vulnerability VCID-h261-uqtv-yfek
31
vulnerability VCID-hrnu-4t2j-9qba
32
vulnerability VCID-hw1d-gdcv-vkec
33
vulnerability VCID-jarq-qchk-nkc1
34
vulnerability VCID-jkje-ckr9-6ffp
35
vulnerability VCID-k6d6-hyep-pbac
36
vulnerability VCID-k9yt-aj7x-3bht
37
vulnerability VCID-menx-yu2z-xkeh
38
vulnerability VCID-n6qs-hded-rydp
39
vulnerability VCID-p4nc-ucxy-sydb
40
vulnerability VCID-p7s6-d63y-4ffb
41
vulnerability VCID-p9am-1rhf-6bh2
42
vulnerability VCID-qar1-pfr5-ekfm
43
vulnerability VCID-rtqu-78p2-buej
44
vulnerability VCID-t51p-askk-pfcx
45
vulnerability VCID-uug8-ap5n-r3g2
46
vulnerability VCID-vsg8-h11j-63ge
47
vulnerability VCID-x7ny-9pvm-77eh
48
vulnerability VCID-xe2v-j69t-d3h3
49
vulnerability VCID-xu7c-vz69-duhp
50
vulnerability VCID-yq5x-4eyq-m7ba
51
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp7
aliases CVE-2021-33336, GHSA-fvg6-9r88-7w85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x93k-k3f7-y3hk
30
url VCID-xe2v-j69t-d3h3
vulnerability_id VCID-xe2v-j69t-d3h3
summary
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal (7.1.0 through 7.4.3.87), and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36609
published_at 2026-06-05T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36544
published_at 2026-06-08T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.36581
published_at 2026-06-07T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.36618
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
5
reference_url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id GHSA-hv45-r2f5-fmhj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xu7c-vz69-duhp
18
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebmm-3qj1-8uec
3
vulnerability VCID-euw1-6mk1-n3he
4
vulnerability VCID-fxtu-zgpf-cbhs
5
vulnerability VCID-p4nc-ucxy-sydb
6
vulnerability VCID-rtqu-78p2-buej
7
vulnerability VCID-vsg8-h11j-63ge
8
vulnerability VCID-xu7c-vz69-duhp
9
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-euw1-6mk1-n3he
3
vulnerability VCID-rtqu-78p2-buej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-ezpm-x3vx-zfe6
3
vulnerability VCID-tqvb-a46r-jbf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xe2v-j69t-d3h3
31
url VCID-yq5x-4eyq-m7ba
vulnerability_id VCID-yq5x-4eyq-m7ba
summary
Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33331
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.58217
published_at 2026-06-07T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58227
published_at 2026-06-06T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.58218
published_at 2026-06-05T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.58202
published_at 2026-06-08T12:55:00Z
4
value 0.00356
scoring_system epss
scoring_elements 0.58169
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33331
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17022
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17022
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33331
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33331
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627
5
reference_url https://github.com/advisories/GHSA-mj8w-h522-jwm8
reference_id GHSA-mj8w-h522-jwm8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mj8w-h522-jwm8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-6r32-cn35-sqcb
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7gqd-78yq-r3be
9
vulnerability VCID-7zhe-ztqw-gkhh
10
vulnerability VCID-8jv6-163j-a7b2
11
vulnerability VCID-9471-umbz-pucy
12
vulnerability VCID-a7z8-2fzy-2qee
13
vulnerability VCID-a93n-jcyj-s7cb
14
vulnerability VCID-afe9-yqy2-8bdb
15
vulnerability VCID-b7h9-cxkj-hkc8
16
vulnerability VCID-cj4m-mvzh-ckh4
17
vulnerability VCID-d7nb-6hvn-cueh
18
vulnerability VCID-e5c7-wsvb-dyfm
19
vulnerability VCID-e5h2-wvws-3yhq
20
vulnerability VCID-eaks-bevz-uuc8
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-ebzh-bpks-5qe2
23
vulnerability VCID-euw1-6mk1-n3he
24
vulnerability VCID-f9dw-g5c2-jba1
25
vulnerability VCID-fxtu-zgpf-cbhs
26
vulnerability VCID-ggs5-4zac-vqa7
27
vulnerability VCID-gp4p-wthk-k3hf
28
vulnerability VCID-gz3a-m337-s7dn
29
vulnerability VCID-h261-uqtv-yfek
30
vulnerability VCID-hrnu-4t2j-9qba
31
vulnerability VCID-hw1d-gdcv-vkec
32
vulnerability VCID-jarq-qchk-nkc1
33
vulnerability VCID-jkje-ckr9-6ffp
34
vulnerability VCID-k6d6-hyep-pbac
35
vulnerability VCID-k9yt-aj7x-3bht
36
vulnerability VCID-menx-yu2z-xkeh
37
vulnerability VCID-n6qs-hded-rydp
38
vulnerability VCID-p4nc-ucxy-sydb
39
vulnerability VCID-p9am-1rhf-6bh2
40
vulnerability VCID-qar1-pfr5-ekfm
41
vulnerability VCID-rtqu-78p2-buej
42
vulnerability VCID-t51p-askk-pfcx
43
vulnerability VCID-uug8-ap5n-r3g2
44
vulnerability VCID-vsg8-h11j-63ge
45
vulnerability VCID-x7ny-9pvm-77eh
46
vulnerability VCID-xe2v-j69t-d3h3
47
vulnerability VCID-xu7c-vz69-duhp
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp8
aliases CVE-2021-33331, GHSA-mj8w-h522-jwm8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq5x-4eyq-m7ba
32
url VCID-yump-6eg9-9yeq
vulnerability_id VCID-yump-6eg9-9yeq
summary
Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33333
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.5215
published_at 2026-06-07T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.5217
published_at 2026-06-06T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.52161
published_at 2026-06-05T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.5212
published_at 2026-06-08T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.52101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33333
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17032
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17032
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33333
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33333
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742
5
reference_url https://github.com/advisories/GHSA-g7xc-m762-wg8f
reference_id GHSA-g7xc-m762-wg8f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g7xc-m762-wg8f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-6r32-cn35-sqcb
6
vulnerability VCID-6yj4-11z6-pfhx
7
vulnerability VCID-7f43-u96s-qyeq
8
vulnerability VCID-7zhe-ztqw-gkhh
9
vulnerability VCID-8jv6-163j-a7b2
10
vulnerability VCID-9471-umbz-pucy
11
vulnerability VCID-a7z8-2fzy-2qee
12
vulnerability VCID-a93n-jcyj-s7cb
13
vulnerability VCID-afe9-yqy2-8bdb
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-euw1-6mk1-n3he
19
vulnerability VCID-f9dw-g5c2-jba1
20
vulnerability VCID-fxtu-zgpf-cbhs
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-gz3a-m337-s7dn
23
vulnerability VCID-jarq-qchk-nkc1
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k6d6-hyep-pbac
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-qar1-pfr5-ekfm
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-t51p-askk-pfcx
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-x13m-kscr-nkbf
34
vulnerability VCID-x7ny-9pvm-77eh
35
vulnerability VCID-xe2v-j69t-d3h3
36
vulnerability VCID-xu7c-vz69-duhp
37
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2021-33333, GHSA-g7xc-m762-wg8f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yump-6eg9-9yeq
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.0