Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
Typemaven
Namespacecom.liferay.portal
Namerelease.dxp.bom
Version7.0.10.fp102
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.10.fp18
Latest_non_vulnerable_version2025.Q2.10
Affected_by_vulnerabilities
0
url VCID-xe2v-j69t-d3h3
vulnerability_id VCID-xe2v-j69t-d3h3
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal (7.1.0 through 7.4.3.87), and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
1
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
4
reference_url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id GHSA-hv45-r2f5-fmhj
reference_type
scores
url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xe2v-j69t-d3h3
Fixing_vulnerabilities
0
url VCID-jkje-ckr9-6ffp
vulnerability_id VCID-jkje-ckr9-6ffp
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal (7.0.1 through 7.4.1), and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30446
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
4
reference_url https://liferay.atlassian.net/browse/LPE-17332
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17332
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
7
reference_url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9yw4-52sc-rbbz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2022-28978, GHSA-7m65-hmvg-rxpc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkje-ckr9-6ffp
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102