Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.layout.impl@4.0.10
Typemaven
Namespacecom.liferay
Namecom.liferay.layout.impl
Version4.0.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.147
Latest_non_vulnerable_version6.0.147
Affected_by_vulnerabilities
0
url VCID-c3ym-wtv5-hfhr
vulnerability_id VCID-c3ym-wtv5-hfhr
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal (7.3.6 through 7.4.3.78), and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44310
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41958
published_at 2026-06-05T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.4194
published_at 2026-06-07T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.41969
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44310
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02
3
reference_url https://liferay.atlassian.net/browse/LPE-17725
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17725
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310?p_r_p_assetEntryId=122124880&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124880%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310?p_r_p_assetEntryId=122124880&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124880%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310
reference_id cve-2023-44310
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:31:02Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44310
reference_id CVE-2023-44310
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44310
7
reference_url https://github.com/advisories/GHSA-j5gv-w838-mmcx
reference_id GHSA-j5gv-w838-mmcx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5gv-w838-mmcx
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.layout.impl@6.0.102
purl pkg:maven/com.liferay/com.liferay.layout.impl@6.0.102
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d1k2-fs6n-xkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.impl@6.0.102
aliases CVE-2023-44310, GHSA-j5gv-w838-mmcx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3ym-wtv5-hfhr
1
url VCID-d1k2-fs6n-xkhx
vulnerability_id VCID-d1k2-fs6n-xkhx
summary 
Liferay Portal users are able to add system admin portlets to pages
Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43759
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17537
published_at 2026-06-07T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17575
published_at 2026-06-06T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17581
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43759
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/2e29e6733bc0e058bef89d16faac542bf2585346
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2e29e6733bc0e058bef89d16faac542bf2585346
3
reference_url https://github.com/liferay/liferay-portal/commit/e8cbc7c27e5ed51c4079dd62738713f31afb46f7
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e8cbc7c27e5ed51c4079dd62738713f31afb46f7
4
reference_url https://liferay.atlassian.net/browse/LPE-18185
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18185
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43759
reference_id CVE-2025-43759
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T13:07:55Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43759
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43759
reference_id CVE-2025-43759
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43759
7
reference_url https://github.com/advisories/GHSA-w3cr-3xw2-rp78
reference_id GHSA-w3cr-3xw2-rp78
reference_type
scores
url https://github.com/advisories/GHSA-w3cr-3xw2-rp78
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.layout.impl@6.0.147
purl pkg:maven/com.liferay/com.liferay.layout.impl@6.0.147
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.impl@6.0.147
aliases CVE-2025-43759, GHSA-w3cr-3xw2-rp78
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1k2-fs6n-xkhx
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.impl@4.0.10