Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p43p-dv2d-9qbp
Summary
Liferay Portal and Liferay DXP allow arbitrary injection via the name of an asset category
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector before 6.1.0 in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset category.
Aliases
0
alias CVE-2022-26593
1
alias GHSA-q2rp-xfj8-r95h
Fixed_packages
0
url pkg:maven/com.liferay/com.liferay.asset.taglib@6.1.0
purl pkg:maven/com.liferay/com.liferay.asset.taglib@6.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.asset.taglib@6.1.0
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp3
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp3
Affected_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32kd-hk4s-j3es
1
vulnerability VCID-5628-87wr-nybq
2
vulnerability VCID-599q-63p5-13dc
3
vulnerability VCID-6vrh-zspb-nbct
4
vulnerability VCID-8e93-zavb-mbdw
5
vulnerability VCID-9ez3-d794-bffp
6
vulnerability VCID-bqpt-c2qn-2ke2
7
vulnerability VCID-cek7-7jqe-4kg2
8
vulnerability VCID-d9m4-h45w-cybh
9
vulnerability VCID-duvg-hkyn-uqcs
10
vulnerability VCID-e42x-p4br-vyfj
11
vulnerability VCID-gf41-q7x8-gfbx
12
vulnerability VCID-hm6a-7agu-x7hw
13
vulnerability VCID-jkab-y16v-4qgc
14
vulnerability VCID-jr3f-yvy8-bbak
15
vulnerability VCID-kghr-nqd7-7bfa
16
vulnerability VCID-mkf6-6w9a-vyg3
17
vulnerability VCID-np6t-napm-xbc4
18
vulnerability VCID-p43p-dv2d-9qbp
19
vulnerability VCID-q2b7-dznb-sbhc
20
vulnerability VCID-qr3x-2ch3-v3cv
21
vulnerability VCID-zs1z-h53m-pyev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26593
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37572
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26593
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/811d894cb079aba3644771a70cd9a2dfd36b945d
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/811d894cb079aba3644771a70cd9a2dfd36b945d
3
reference_url https://liferay.atlassian.net/issues/LPE-17284
reference_id
reference_type
scores
url https://liferay.atlassian.net/issues/LPE-17284
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26593
reference_id CVE-2022-26593
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-26593
5
reference_url https://github.com/advisories/GHSA-q2rp-xfj8-r95h
reference_id GHSA-q2rp-xfj8-r95h
reference_type
scores
url https://github.com/advisories/GHSA-q2rp-xfj8-r95h
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p43p-dv2d-9qbp