Package Instance
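Look up vulnerable packages by Package URL (purl). In the response below, a version listed under "fixed_packages" fixes only the vulnerability it is nested under; where that entry carries "is_vulnerable": true, it is still affected by the other vulnerabilities listed for it.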
GET /api/packages/65222?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65222?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.0.0", "type": "maven", "namespace": "com.liferay.portal", "name": "release.portal.bom", "version": "7.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111769?format=api", "vulnerability_id": "VCID-17tm-rzgk-qfas", "summary": "Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page\nCross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35015", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35052", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35038", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34978", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34942", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33328" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://issues.liferay.com/browse/LPE-17100", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.liferay.com/browse/LPE-17100" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33328", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33328" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972" }, { "reference_url": "https://github.com/advisories/GHSA-vpvm-3wfw-5f5c", "reference_id": "GHSA-vpvm-3wfw-5f5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpvm-3wfw-5f5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151059?format=api", "purl": 
"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1h16-mptk-gke7" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-37ph-hjq9-bufq" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-7f43-u96s-qyeq" }, { "vulnerability": "VCID-7tas-6nn4-9fhu" }, { "vulnerability": "VCID-8fdv-x8z8-6bcf" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-bg89-tyhn-sfc3" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-dt2w-w4vw-1yhe" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebmm-3qj1-8uec" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-fxtu-zgpf-cbhs" }, { "vulnerability": "VCID-gaqh-vn1h-b3c1" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gz3a-m337-s7dn" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": 
"VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-msd2-mccp-z7cv" }, { "vulnerability": "VCID-p4nc-ucxy-sydb" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-x7ny-9pvm-77eh" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-ykxs-jz2j-bqay" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5" } ], "aliases": [ "CVE-2021-33328", "GHSA-vpvm-3wfw-5f5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17tm-rzgk-qfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110913?format=api", "vulnerability_id": "VCID-1h16-mptk-gke7", "summary": "Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password\nThe Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.", "references": [ { "reference_url": "http://liferay.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://liferay.com" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42502", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42586", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42575", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42524", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42559", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29043" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29043", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29043" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515" }, { "reference_url": "https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515" }, { "reference_url": "https://github.com/advisories/GHSA-xx2h-2hf5-v7vv", "reference_id": "GHSA-xx2h-2hf5-v7vv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xx2h-2hf5-v7vv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150185?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-37ph-hjq9-bufq" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-7tas-6nn4-9fhu" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { 
"vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-bg89-tyhn-sfc3" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-dt2w-w4vw-1yhe" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-gaqh-vn1h-b3c1" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-msd2-mccp-z7cv" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6" } ], "aliases": [ "CVE-2021-29043", "GHSA-xx2h-2hf5-v7vv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1h16-mptk-gke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112176?format=api", "vulnerability_id": "VCID-2dc6-guhs-juhy", "summary": "Liferay Portal and Liferay 
DXP Fails to Properly Check User Permissions\nThe Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms \"Access in Site Administration\" permission to view all forms and form entries in a site via the forms section in site administration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23982", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23999", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23873", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23903", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33334" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://issues.liferay.com/browse/LPE-17039", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://issues.liferay.com/browse/LPE-17039" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33334", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33334" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332" }, { "reference_url": "https://github.com/advisories/GHSA-g37f-j8hh-736f", "reference_id": "GHSA-g37f-j8hh-736f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g37f-j8hh-736f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/520090?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17tm-rzgk-qfas" }, { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1h16-mptk-gke7" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-37ph-hjq9-bufq" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-3nm8-13hg-myh4" }, { "vulnerability": 
"VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-68kz-zfvf-7ucw" }, { "vulnerability": "VCID-6q85-j656-wyeh" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-8fdv-x8z8-6bcf" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-bg89-tyhn-sfc3" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-d7nb-6hvn-cueh" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gz3a-m337-s7dn" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-p4nc-ucxy-sydb" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qar1-pfr5-ekfm" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-t51p-askk-pfcx" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-uv23-yfgk-87h9" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-x7ny-9pvm-77eh" }, { "vulnerability": "VCID-x93k-k3f7-y3hk" }, { "vulnerability": 
"VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1" } ], "aliases": [ "CVE-2021-33334", "GHSA-g37f-j8hh-736f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dc6-guhs-juhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111115?format=api", "vulnerability_id": "VCID-c4kq-8dpb-bkc7", "summary": "Liferay Portal and Liferay DXP Fails to Sanitize API Data\nLiferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48437", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48432", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48389", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48418", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13444" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://issues.liferay.com/browse/LPE-17009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.liferay.com/browse/LPE-17009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13444" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396" }, { "reference_url": "https://github.com/advisories/GHSA-8j5r-9687-88w5", "reference_id": "GHSA-8j5r-9687-88w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8j5r-9687-88w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60881?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ 
{ "vulnerability": "VCID-17tm-rzgk-qfas" }, { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1h16-mptk-gke7" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2dc6-guhs-juhy" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-37ph-hjq9-bufq" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-3nm8-13hg-myh4" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-68kz-zfvf-7ucw" }, { "vulnerability": "VCID-6q85-j656-wyeh" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-8fdv-x8z8-6bcf" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-bg89-tyhn-sfc3" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-d7nb-6hvn-cueh" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gv7c-qump-nyds" }, { "vulnerability": "VCID-gz3a-m337-s7dn" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k29y-9nww-cuh6" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": 
"VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-p4nc-ucxy-sydb" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qar1-pfr5-ekfm" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-t51p-askk-pfcx" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-uv23-yfgk-87h9" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-x7ny-9pvm-77eh" }, { "vulnerability": "VCID-x93k-k3f7-y3hk" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-yump-6eg9-9yeq" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2" } ], "aliases": [ "CVE-2020-13444", "GHSA-8j5r-9687-88w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4kq-8dpb-bkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56369?format=api", "vulnerability_id": "VCID-e5h2-wvws-3yhq", "summary": "Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page\nCross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38772", "published_at": "2026-06-07T12:55:00Z" }, 
{ "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38743", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38795", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38799", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37940" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940", "reference_id": "CVE-2023-37940", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/" } ], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37940", "reference_id": "CVE-2023-37940", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37940" }, { "reference_url": "https://github.com/advisories/GHSA-px38-239g-x5mg", "reference_id": "GHSA-px38-239g-x5mg", "reference_type": "", "scores": 
[], "url": "https://github.com/advisories/GHSA-px38-239g-x5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83576?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-3hm3-htje-akgd" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-5nq8-gsav-5ffq" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-brjh-tyur-ebc8" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-csnj-331s-43ea" }, { "vulnerability": "VCID-d56y-s4zt-uyd7" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ej5y-geq1-pkfn" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mbd8-z3ry-cqap" }, { "vulnerability": "VCID-mf9a-eusx-f3gb" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" 
}, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-rs2y-3c75-uycm" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-su57-hncy-5qg4" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xv4h-g41b-c7c7" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ynk1-3fye-bfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88" } ], "aliases": [ "CVE-2023-37940", "GHSA-px38-239g-x5mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5h2-wvws-3yhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45262?format=api", "vulnerability_id": "VCID-g2jp-ueyr-gkav", "summary": "Insecure Default Initialization In Liferay Portal\nIn Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. 
The portal property `company.security.strangers.verify` should be set to true.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.57037", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57187", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57183", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57195", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33949" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949", "reference_id": "CVE-2023-33949", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:48:38Z/" } ], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33949", "reference_id": "CVE-2023-33949", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33949" }, { "reference_url": "https://github.com/advisories/GHSA-g9mr-9xfc-4gf7", "reference_id": "GHSA-g9mr-9xfc-4gf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9mr-9xfc-4gf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65206?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17tm-rzgk-qfas" }, { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1h16-mptk-gke7" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2dc6-guhs-juhy" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-3nm8-13hg-myh4" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-68kz-zfvf-7ucw" }, { "vulnerability": "VCID-6q85-j656-wyeh" }, { "vulnerability": "VCID-6yj4-11z6-pfhx" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-c4kq-8dpb-bkc7" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-d7nb-6hvn-cueh" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" 
}, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gv7c-qump-nyds" }, { "vulnerability": "VCID-gz3a-m337-s7dn" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k29y-9nww-cuh6" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-p4nc-ucxy-sydb" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qar1-pfr5-ekfm" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-t51p-askk-pfcx" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-uv23-yfgk-87h9" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-vrqa-ggse-wqhn" }, { "vulnerability": "VCID-x7ny-9pvm-77eh" }, { "vulnerability": "VCID-x93k-k3f7-y3hk" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-yq5x-4eyq-m7ba" }, { "vulnerability": "VCID-yump-6eg9-9yeq" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1" } ], "aliases": [ "CVE-2023-33949", "GHSA-g9mr-9xfc-4gf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2jp-ueyr-gkav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111645?format=api", "vulnerability_id": "VCID-gz3a-m337-s7dn", "summary": "Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page\nCross-site scripting (XSS) vulnerability in the 
Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.", "references": [ { "reference_url": "http://liferay.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://liferay.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65127", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.6518", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65169", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65156", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65168", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29044" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29044", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29044" }, { "reference_url": "https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548" }, { "reference_url": "https://github.com/advisories/GHSA-wcr5-3q96-c2gr", "reference_id": "GHSA-wcr5-3q96-c2gr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wcr5-3q96-c2gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150185?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-37ph-hjq9-bufq" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-7tas-6nn4-9fhu" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": 
"VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-bg89-tyhn-sfc3" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-dt2w-w4vw-1yhe" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-gaqh-vn1h-b3c1" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-msd2-mccp-z7cv" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6" } ], "aliases": [ "CVE-2021-29044", "GHSA-wcr5-3q96-c2gr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gz3a-m337-s7dn" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/110228?format=api", "vulnerability_id": "VCID-k1u8-ur3y-zucd", "summary": "Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL\nThe Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.", "references": [ { "reference_url": "http://liferay.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/" } ], "url": "http://liferay.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56115", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5606", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5609", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56107", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42132" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d" }, { "reference_url": "https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430" }, { "reference_url": "https://issues.liferay.com/browse/LPE-17438", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/" } ], "url": "https://issues.liferay.com/browse/LPE-17438" }, { "reference_url": 
"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42132", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42132" }, { "reference_url": 
"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132", "reference_id": "cve-2022-42132", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/" } ], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132" }, { "reference_url": "https://github.com/advisories/GHSA-f43m-hhj4-q3jg", "reference_id": "GHSA-f43m-hhj4-q3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f43m-hhj4-q3jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69030?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5" }, { "url": "http://public2.vulnerablecode.io/api/packages/609682?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-7tas-6nn4-9fhu" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": "VCID-dt2w-w4vw-1yhe" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-gaqh-vn1h-b3c1" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mgw3-28sj-juh7" }, { "vulnerability": 
"VCID-msd2-mccp-z7cv" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-patg-tmcj-3qbh" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-qrgm-94me-83hz" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" }, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-v633-mycj-6uh6" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-wzj5-ba9k-q3at" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6" } ], "aliases": [ "CVE-2022-42132", "GHSA-f43m-hhj4-q3jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1u8-ur3y-zucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112125?format=api", "vulnerability_id": "VCID-yq5x-4eyq-m7ba", "summary": "Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs\nOpen redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00356", "scoring_system": "epss", 
"scoring_elements": "0.58217", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58227", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58218", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58202", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58169", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33331" }, { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://issues.liferay.com/browse/LPE-17022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.liferay.com/browse/LPE-17022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33331", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33331" }, { "reference_url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627" }, { "reference_url": "https://github.com/advisories/GHSA-mj8w-h522-jwm8", "reference_id": "GHSA-mj8w-h522-jwm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mj8w-h522-jwm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/520089?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17tm-rzgk-qfas" }, { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-1h16-mptk-gke7" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-298n-mh47-3ygq" }, { "vulnerability": "VCID-2dc6-guhs-juhy" }, { "vulnerability": "VCID-2fn6-apud-qbh4" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-38vz-usgx-g7dv" }, { "vulnerability": "VCID-3nm8-13hg-myh4" }, { "vulnerability": "VCID-4611-azkf-sffv" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-68kz-zfvf-7ucw" }, { "vulnerability": "VCID-6q85-j656-wyeh" }, { "vulnerability": "VCID-6yj4-11z6-pfhx" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-afe9-yqy2-8bdb" }, { "vulnerability": "VCID-b1cb-4tud-jked" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-c4kq-8dpb-bkc7" }, { "vulnerability": "VCID-cj4m-mvzh-ckh4" }, { "vulnerability": 
"VCID-d7nb-6hvn-cueh" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-e5h2-wvws-3yhq" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gv7c-qump-nyds" }, { "vulnerability": "VCID-gz3a-m337-s7dn" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hhmu-vsj9-gudx" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k1u8-ur3y-zucd" }, { "vulnerability": "VCID-k29y-9nww-cuh6" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-kjbx-n3pd-yba9" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-p4nc-ucxy-sydb" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-pczz-39pz-37bb" }, { "vulnerability": "VCID-pdbx-p4mr-97h4" }, { "vulnerability": "VCID-qar1-pfr5-ekfm" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-t51p-askk-pfcx" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-uv23-yfgk-87h9" }, { "vulnerability": "VCID-vez2-knrw-ubbe" }, { "vulnerability": "VCID-vrqa-ggse-wqhn" }, { "vulnerability": "VCID-x7ny-9pvm-77eh" }, { "vulnerability": "VCID-x93k-k3f7-y3hk" }, { "vulnerability": "VCID-xuaz-p5q4-8beh" }, { "vulnerability": "VCID-y8xm-g4zt-b7b5" }, { "vulnerability": "VCID-ydhb-8z5m-v7fb" }, { "vulnerability": "VCID-yump-6eg9-9yeq" }, { "vulnerability": "VCID-zmf4-acz8-s3a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1" } ], "aliases": [ "CVE-2021-33331", "GHSA-mj8w-h522-jwm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yq5x-4eyq-m7ba" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.0.0" }