Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
Type maven
Namespace com.liferay.portal
Name release.portal.bom
Version 7.4.3.98
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 7.4.3.100
Latest_non_vulnerable_version 7.4.3.120
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5nq8-gsav-5ffq
vulnerability_id VCID-5nq8-gsav-5ffq
summary
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key` parameter.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498
reference_id CVE-2023-42498
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42498
reference_id CVE-2023-42498
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-42498
3
reference_url https://github.com/advisories/GHSA-73x3-8mrg-5r93
reference_id GHSA-73x3-8mrg-5r93
reference_type
scores
url https://github.com/advisories/GHSA-73x3-8mrg-5r93
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-42498, GHSA-73x3-8mrg-5r93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5nq8-gsav-5ffq
1
url VCID-mf9a-eusx-f3gb
vulnerability_id VCID-mf9a-eusx-f3gb
summary
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191
reference_id CVE-2023-40191
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40191
reference_id CVE-2023-40191
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-40191
3
reference_url https://github.com/advisories/GHSA-468x-frcm-ghx6
reference_id GHSA-468x-frcm-ghx6
reference_type
scores
url https://github.com/advisories/GHSA-468x-frcm-ghx6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-40191, GHSA-468x-frcm-ghx6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mf9a-eusx-f3gb
2
url VCID-xn1n-5rgc-83bg
vulnerability_id VCID-xn1n-5rgc-83bg
summary
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2` parameter.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
reference_id CVE-2023-42496
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
reference_id CVE-2023-42496
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
3
reference_url https://github.com/advisories/GHSA-54pv-r62j-9qqc
reference_id GHSA-54pv-r62j-9qqc
reference_type
scores
url https://github.com/advisories/GHSA-54pv-r62j-9qqc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-42496, GHSA-54pv-r62j-9qqc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn1n-5rgc-83bg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98