Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.44

Type maven

Namespace com.liferay.portal

Name release.portal.bom

Version 7.4.3.44

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.4.3.49

Latest_non_vulnerable_version 7.4.3.120

Affected_by_vulnerabilities

url VCID-mf9a-eusx-f3gb

vulnerability_id VCID-mf9a-eusx-f3gb

summary

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field

references

reference_url	https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url	https://github.com/liferay/liferay-portal

reference_url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191
reference_id	CVE-2023-40191
reference_type
scores
url	https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-40191
reference_id	CVE-2023-40191
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-40191

reference_url	https://github.com/advisories/GHSA-468x-frcm-ghx6
reference_id	GHSA-468x-frcm-ghx6
reference_type
scores
url	https://github.com/advisories/GHSA-468x-frcm-ghx6

fixed_packages

url	pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl	pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98

aliases CVE-2023-40191, GHSA-468x-frcm-ghx6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mf9a-eusx-f3gb

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.44

Package Instance