Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/46430?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46430?format=api", "vulnerability_id": "VCID-q9et-6dxx-zbgq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nReflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.", "aliases": [ { "alias": "CVE-2023-47797" }, { "alias": "GHSA-v32m-pf9q-p3xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67798?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.96", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-3hm3-htje-akgd" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-5nq8-gsav-5ffq" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-brjh-tyur-ebc8" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-csnj-331s-43ea" }, { "vulnerability": "VCID-d56y-s4zt-uyd7" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ej5y-geq1-pkfn" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mbd8-z3ry-cqap" }, { "vulnerability": "VCID-mf9a-eusx-f3gb" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" }, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-rs2y-3c75-uycm" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-su57-hncy-5qg4" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xv4h-g41b-c7c7" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ynk1-3fye-bfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.96" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67797?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.94", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-3hm3-htje-akgd" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-5nq8-gsav-5ffq" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-brjh-tyur-ebc8" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-csnj-331s-43ea" }, { "vulnerability": "VCID-d56y-s4zt-uyd7" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ej5y-geq1-pkfn" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mbd8-z3ry-cqap" }, { "vulnerability": "VCID-mf9a-eusx-f3gb" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-q9et-6dxx-zbgq" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" }, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-rs2y-3c75-uycm" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-su57-hncy-5qg4" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xv4h-g41b-c7c7" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ynk1-3fye-bfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.94" }, { "url": "http://public2.vulnerablecode.io/api/packages/689260?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.95", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-3hm3-htje-akgd" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-5nq8-gsav-5ffq" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-brjh-tyur-ebc8" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-csnj-331s-43ea" }, { "vulnerability": "VCID-d56y-s4zt-uyd7" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ej5y-geq1-pkfn" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mbd8-z3ry-cqap" }, { "vulnerability": "VCID-mf9a-eusx-f3gb" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-q9et-6dxx-zbgq" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" }, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-rs2y-3c75-uycm" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-su57-hncy-5qg4" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xv4h-g41b-c7c7" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ynk1-3fye-bfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.95" }, { "url": "http://public2.vulnerablecode.io/api/packages/689261?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.95-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11qf-d5xp-4fey" }, { "vulnerability": "VCID-1jgz-k7zp-uydp" }, { "vulnerability": "VCID-27a1-teqk-cbe2" }, { "vulnerability": "VCID-292m-hgvs-93ey" }, { "vulnerability": "VCID-2bcr-bxek-skfq" }, { "vulnerability": "VCID-2dra-x6f5-xybz" }, { "vulnerability": "VCID-2mtb-mdha-qufv" }, { "vulnerability": "VCID-3hm3-htje-akgd" }, { "vulnerability": "VCID-434b-p73k-5fam" }, { "vulnerability": "VCID-4kym-jhtn-cfa3" }, { "vulnerability": "VCID-4xqq-69ab-1qew" }, { "vulnerability": "VCID-5732-ffyz-9fh5" }, { "vulnerability": "VCID-5bex-xcub-3qhr" }, { "vulnerability": "VCID-5nq8-gsav-5ffq" }, { "vulnerability": "VCID-68yp-31d3-zbay" }, { "vulnerability": "VCID-6yrk-8tj5-juhp" }, { "vulnerability": "VCID-8xx2-vtnr-dubu" }, { "vulnerability": "VCID-b24q-c9nx-hkdy" }, { "vulnerability": "VCID-brjh-tyur-ebc8" }, { "vulnerability": "VCID-by7b-2zr9-y3dj" }, { "vulnerability": "VCID-ca62-h2qv-v7bg" }, { "vulnerability": "VCID-ce9p-rwsz-zkf6" }, { "vulnerability": "VCID-csnj-331s-43ea" }, { "vulnerability": "VCID-d56y-s4zt-uyd7" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ej5y-geq1-pkfn" }, { "vulnerability": "VCID-evap-nt9g-akf6" }, { "vulnerability": "VCID-g41m-xvk2-xfda" }, { "vulnerability": "VCID-ggmh-6ef8-7ufj" }, { "vulnerability": "VCID-gyge-7d5c-6uhz" }, { "vulnerability": "VCID-hvpx-y297-sbha" }, { "vulnerability": "VCID-j3pc-gwg6-qfbs" }, { "vulnerability": "VCID-ksvn-b6hv-hfa7" }, { "vulnerability": "VCID-mbd8-z3ry-cqap" }, { "vulnerability": "VCID-mf9a-eusx-f3gb" }, { "vulnerability": "VCID-nhp5-61h7-ryf4" }, { "vulnerability": "VCID-pf71-p73a-xyda" }, { "vulnerability": "VCID-q9et-6dxx-zbgq" }, { "vulnerability": "VCID-qy5u-7m7g-4ben" }, { "vulnerability": "VCID-r363-kggk-k3ds" }, { "vulnerability": "VCID-rns1-e6pd-tkex" }, { "vulnerability": "VCID-rs2y-3c75-uycm" }, { "vulnerability": "VCID-s86p-ew9a-rkgt" }, { "vulnerability": "VCID-su57-hncy-5qg4" }, { "vulnerability": "VCID-sw28-urg9-tqgd" }, { "vulnerability": "VCID-tf5n-etq9-2bg1" }, { "vulnerability": "VCID-turp-jxv8-1fgy" }, { "vulnerability": "VCID-w7z4-h1ug-z3cq" }, { "vulnerability": "VCID-wpqk-8fd9-p3ex" }, { "vulnerability": "VCID-xn1n-5rgc-83bg" }, { "vulnerability": "VCID-xv4h-g41b-c7c7" }, { "vulnerability": "VCID-y1wd-arvg-2ugt" }, { "vulnerability": "VCID-ynk1-3fye-bfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.95-1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34808", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34827", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47797" }, { "reference_url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797", "reference_id": "CVE-2023-47797", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:14:17Z/" } ], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47797", "reference_id": "CVE-2023-47797", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47797" }, { "reference_url": "https://github.com/advisories/GHSA-v32m-pf9q-p3xg", "reference_id": "GHSA-v32m-pf9q-p3xg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v32m-pf9q-p3xg" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9et-6dxx-zbgq" }