Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u92
Type maven
Namespace com.liferay.portal
Name release.dxp.bom
Version 7.4.13.u92
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2023.Q3.5
Latest_non_vulnerable_version 2023.Q3.6
Affected_by_vulnerabilities
0
url VCID-tqvb-a46r-jbf8
vulnerability_id VCID-tqvb-a46r-jbf8
summary
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module before 4.0.35 from Liferay Portal (7.3.5 through 7.4.3.91), and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region, (9) Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627
reference_id CVE-2023-42627
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42627
reference_id CVE-2023-42627
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-42627
4
reference_url https://github.com/advisories/GHSA-qp68-5v39-r869
reference_id GHSA-qp68-5v39-r869
reference_type
scores
url https://github.com/advisories/GHSA-qp68-5v39-r869
fixed_packages
aliases CVE-2023-42627, GHSA-qp68-5v39-r869
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqvb-a46r-jbf8
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u92