Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.flags.web@6.0.24
Typemaven
Namespacecom.liferay
Namecom.liferay.flags.web
Version6.0.24
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.0.24
Latest_non_vulnerable_version6.0.24
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vp7f-4nv4-5yhp
vulnerability_id VCID-vp7f-4nv4-5yhp
summary 
Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields
Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into (1) a user’s “First Name” text field, (2) a user’s “Middle Name” text field, (3) a user’s “Last Name” text field, (4) the “Other Reason” text field when flagging content, or (5) the name of the flagged content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43771
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09324
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43771
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/0f1f6b628d40c9fc59ad6f561f6bdcc1208b5dbb
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/0f1f6b628d40c9fc59ad6f561f6bdcc1208b5dbb
3
reference_url https://github.com/liferay/liferay-portal/commit/28dc724658e13acb80f30fb3211d0849592ec4ef
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/28dc724658e13acb80f30fb3211d0849592ec4ef
4
reference_url https://github.com/liferay/liferay-portal/commit/90b677d7ca74464f2079266588a67fa56aca842d
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/90b677d7ca74464f2079266588a67fa56aca842d
5
reference_url https://github.com/liferay/liferay-portal/commit/cca5fe50a5b63000c3ca7469b668af9399025e90
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/cca5fe50a5b63000c3ca7469b668af9399025e90
6
reference_url https://liferay.atlassian.net/browse/LPE-17917
reference_id
reference_type
scores
url https://liferay.atlassian.net/browse/LPE-17917
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43771
reference_id CVE-2025-43771
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43771
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43771
reference_id CVE-2025-43771
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-43771
9
reference_url https://github.com/advisories/GHSA-q8fj-76q7-4p7h
reference_id GHSA-q8fj-76q7-4p7h
reference_type
scores
url https://github.com/advisories/GHSA-q8fj-76q7-4p7h
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.flags.web@6.0.24
purl pkg:maven/com.liferay/com.liferay.flags.web@6.0.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.flags.web@6.0.24
aliases CVE-2025-43771, GHSA-q8fj-76q7-4p7h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vp7f-4nv4-5yhp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.flags.web@6.0.24