Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34

Type maven

Namespace com.liferay.portal

Name release.dxp.bom

Version 7.3.10.u34

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.4.3.13u8

Latest_non_vulnerable_version 2023.Q3.6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-xe2v-j69t-d3h3

vulnerability_id VCID-xe2v-j69t-d3h3

summary

Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal (7.1.0 through 7.4.3.87), and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.

references

reference_url	https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url	https://github.com/liferay/liferay-portal

reference_url	https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
url	https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id	CVE-2023-42628
reference_type
scores
url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id	CVE-2023-42628
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-42628

reference_url	https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id	GHSA-hv45-r2f5-fmhj
reference_type
scores
url	https://github.com/advisories/GHSA-hv45-r2f5-fmhj

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xe2v-j69t-d3h3

url VCID-xn1n-5rgc-83bg

vulnerability_id VCID-xn1n-5rgc-83bg

summary

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2` parameter.

references

reference_url	https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url	https://github.com/liferay/liferay-portal

reference_url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
reference_id	CVE-2023-42496
reference_type
scores
url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-42496
reference_id	CVE-2023-42496
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-42496

reference_url	https://github.com/advisories/GHSA-54pv-r62j-9qqc
reference_id	GHSA-54pv-r62j-9qqc
reference_type
scores
url	https://github.com/advisories/GHSA-54pv-r62j-9qqc

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34

url	pkg:maven/com.liferay.portal/release.dxp.bom@2023.Q3.6
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2023.Q3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2023.Q3.6

aliases CVE-2023-42496, GHSA-54pv-r62j-9qqc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn1n-5rgc-83bg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34

Package Instance