Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
Type maven
Namespace com.liferay.portal
Name release.dxp.bom
Version 7.0.10.fp101
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.3u36
Latest_non_vulnerable_version 2025.Q2.10
Affected_by_vulnerabilities
0
url VCID-48hp-m4m8-cqge
vulnerability_id VCID-48hp-m4m8-cqge
summary In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions, the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via the `Liferay-Portal` response header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45224
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
3
reference_url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
4
reference_url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
reference_id cve-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
7
reference_url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
reference_id GHSA-2mvj-q2q3-wxjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-72my-1zwg-a7hx
2
vulnerability VCID-a62g-s5j4-73fr
3
vulnerability VCID-bvbr-288p-xkak
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-j1vh-25uj-ukga
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-kqhp-785u-nben
9
vulnerability VCID-kqsk-3dby-s3dh
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jau-1np8-6fd5
1
vulnerability VCID-72my-1zwg-a7hx
2
vulnerability VCID-a62g-s5j4-73fr
3
vulnerability VCID-epds-vwku-cyed
4
vulnerability VCID-evf7-f2j5-rqhr
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-mmy3-eycu-q7bu
8
vulnerability VCID-n2zu-prgr-dkfn
9
vulnerability VCID-n512-h3fa-xbh7
10
vulnerability VCID-qfdp-4b77-uqda
11
vulnerability VCID-wfhk-xspf-7yev
12
vulnerability VCID-xfq5-m4vf-cyaj
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge
1
url VCID-6aqp-gny4-5ffp
vulnerability_id VCID-6aqp-gny4-5ffp
summary Liferay Portal and Liferay DXP fails to check origin of event messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33845
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
reference_id CVE-2022-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
reference_id CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
6
reference_url https://github.com/advisories/GHSA-ghw5-998m-vw4w
reference_id GHSA-ghw5-998m-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghw5-998m-vw4w
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-8uqz-bc88-ybcc
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-epds-vwku-cyed
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n512-h3fa-xbh7
14
vulnerability VCID-qfdp-4b77-uqda
15
vulnerability VCID-uxjd-h6fd-sbgf
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
aliases CVE-2022-25146, GHSA-ghw5-998m-vw4w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6aqp-gny4-5ffp
2
url VCID-6gyp-c7wt-qfb5
vulnerability_id VCID-6gyp-c7wt-qfb5
summary Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
reference_id
reference_type
scores
0
value 0.01076
scoring_system epss
scoring_elements 0.78211
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
1
reference_url https://issues.liferay.com/browse/LPE-17029
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17029
2
reference_url https://issues.liferay.com/browse/LPE-17055
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17055
3
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
reference_id CVE-2020-15839
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
5
reference_url https://github.com/advisories/GHSA-c7f6-4vx5-4263
reference_id GHSA-c7f6-4vx5-4263
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7f6-4vx5-4263
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gd6-wm47-ufad
1
vulnerability VCID-1k1u-jptu-n3d7
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4qnf-vd8e-9yfr
4
vulnerability VCID-6aqp-gny4-5ffp
5
vulnerability VCID-6ejn-7nds-1qb6
6
vulnerability VCID-76r8-wfvh-pkg4
7
vulnerability VCID-88u7-stft-ebdh
8
vulnerability VCID-91rc-5gz3-dbcf
9
vulnerability VCID-9bfa-6qqd-d7gb
10
vulnerability VCID-9u32-4n1x-77ce
11
vulnerability VCID-9xdb-721c-hqgf
12
vulnerability VCID-a62g-s5j4-73fr
13
vulnerability VCID-b12f-kdez-2qau
14
vulnerability VCID-bmbd-g58w-z3gy
15
vulnerability VCID-bvbr-288p-xkak
16
vulnerability VCID-ckbc-n5n3-dka6
17
vulnerability VCID-cn4z-f8ej-ruha
18
vulnerability VCID-fer2-q3rr-2khd
19
vulnerability VCID-g52h-8r1h-dfhe
20
vulnerability VCID-g6wt-vwuh-cua8
21
vulnerability VCID-gkpd-2p17-7fcq
22
vulnerability VCID-gngs-dm98-eqc2
23
vulnerability VCID-hkq7-mdbr-hkb2
24
vulnerability VCID-hqd6-nkr9-4ffm
25
vulnerability VCID-jrqh-vfu7-dkfh
26
vulnerability VCID-jxe5-tt8r-cbag
27
vulnerability VCID-k469-ety8-rqby
28
vulnerability VCID-kpwb-z5k7-bqa8
29
vulnerability VCID-mjr1-fwsd-xkgc
30
vulnerability VCID-mqut-n4an-x3cs
31
vulnerability VCID-msx1-y2nc-n7gt
32
vulnerability VCID-n4t4-bb8c-nub4
33
vulnerability VCID-n634-fspx-judk
34
vulnerability VCID-p17t-h88p-zybu
35
vulnerability VCID-qaj9-m3df-7qbr
36
vulnerability VCID-scdp-ugfr-yqap
37
vulnerability VCID-shuw-qkwq-vygb
38
vulnerability VCID-t45b-p6e7-j7ev
39
vulnerability VCID-t5h8-q4q5-a3em
40
vulnerability VCID-tvcx-nbr1-efc2
41
vulnerability VCID-v9m5-8c56-tuhb
42
vulnerability VCID-vk9f-1396-jkcp
43
vulnerability VCID-vweb-9s62-zucm
44
vulnerability VCID-vwmh-2kxm-bkan
45
vulnerability VCID-ww6r-hc6t-eqgp
46
vulnerability VCID-xxcp-sye1-tfbz
47
vulnerability VCID-yxjx-p7zs-3fec
48
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k1u-jptu-n3d7
1
vulnerability VCID-25ay-9z7s-47dg
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4qnf-vd8e-9yfr
4
vulnerability VCID-5gqq-m36a-53b6
5
vulnerability VCID-6aqp-gny4-5ffp
6
vulnerability VCID-72my-1zwg-a7hx
7
vulnerability VCID-76r8-wfvh-pkg4
8
vulnerability VCID-88u7-stft-ebdh
9
vulnerability VCID-91rc-5gz3-dbcf
10
vulnerability VCID-9bfa-6qqd-d7gb
11
vulnerability VCID-9u32-4n1x-77ce
12
vulnerability VCID-9xdb-721c-hqgf
13
vulnerability VCID-a62g-s5j4-73fr
14
vulnerability VCID-ank8-p9qa-9udx
15
vulnerability VCID-bmbd-g58w-z3gy
16
vulnerability VCID-bvbr-288p-xkak
17
vulnerability VCID-ckbc-n5n3-dka6
18
vulnerability VCID-cn4z-f8ej-ruha
19
vulnerability VCID-ed9v-m3q5-6yaq
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-fx8b-2pzj-uyg6
22
vulnerability VCID-g52h-8r1h-dfhe
23
vulnerability VCID-g6wt-vwuh-cua8
24
vulnerability VCID-gkpd-2p17-7fcq
25
vulnerability VCID-gngs-dm98-eqc2
26
vulnerability VCID-hkq7-mdbr-hkb2
27
vulnerability VCID-hqd6-nkr9-4ffm
28
vulnerability VCID-jjec-4x7z-ayhz
29
vulnerability VCID-jrqh-vfu7-dkfh
30
vulnerability VCID-k469-ety8-rqby
31
vulnerability VCID-kpwb-z5k7-bqa8
32
vulnerability VCID-mjr1-fwsd-xkgc
33
vulnerability VCID-mqut-n4an-x3cs
34
vulnerability VCID-msx1-y2nc-n7gt
35
vulnerability VCID-n4t4-bb8c-nub4
36
vulnerability VCID-n634-fspx-judk
37
vulnerability VCID-p17t-h88p-zybu
38
vulnerability VCID-qaj9-m3df-7qbr
39
vulnerability VCID-qztv-899y-sbb8
40
vulnerability VCID-scdp-ugfr-yqap
41
vulnerability VCID-shuw-qkwq-vygb
42
vulnerability VCID-snty-bgwf-33bu
43
vulnerability VCID-t45b-p6e7-j7ev
44
vulnerability VCID-t5h8-q4q5-a3em
45
vulnerability VCID-tgpb-tps9-wfd5
46
vulnerability VCID-tvcx-nbr1-efc2
47
vulnerability VCID-umd8-9ypn-zkdk
48
vulnerability VCID-v9m5-8c56-tuhb
49
vulnerability VCID-vk9f-1396-jkcp
50
vulnerability VCID-vweb-9s62-zucm
51
vulnerability VCID-vwmh-2kxm-bkan
52
vulnerability VCID-way6-hfht-aya6
53
vulnerability VCID-ww6r-hc6t-eqgp
54
vulnerability VCID-xxcp-sye1-tfbz
55
vulnerability VCID-yffn-r39p-nfcp
56
vulnerability VCID-yxjx-p7zs-3fec
57
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2020-15839, GHSA-c7f6-4vx5-4263
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gyp-c7wt-qfb5
3
url VCID-91rc-5gz3-dbcf
vulnerability_id VCID-91rc-5gz3-dbcf
summary Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.6523
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
3
reference_url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
reference_id CVE-2021-29048
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
5
reference_url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
reference_id GHSA-4fx8-82f3-xcpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-88u7-stft-ebdh
6
vulnerability VCID-9u32-4n1x-77ce
7
vulnerability VCID-a62g-s5j4-73fr
8
vulnerability VCID-ank8-p9qa-9udx
9
vulnerability VCID-bvbr-288p-xkak
10
vulnerability VCID-ckbc-n5n3-dka6
11
vulnerability VCID-cn4z-f8ej-ruha
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-g52h-8r1h-dfhe
15
vulnerability VCID-gkpd-2p17-7fcq
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-hqd6-nkr9-4ffm
18
vulnerability VCID-k469-ety8-rqby
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-mqut-n4an-x3cs
21
vulnerability VCID-n634-fspx-judk
22
vulnerability VCID-p17t-h88p-zybu
23
vulnerability VCID-qaj9-m3df-7qbr
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-shuw-qkwq-vygb
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-t5h8-q4q5-a3em
28
vulnerability VCID-tgpb-tps9-wfd5
29
vulnerability VCID-tvcx-nbr1-efc2
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-vk9f-1396-jkcp
32
vulnerability VCID-vweb-9s62-zucm
33
vulnerability VCID-vwmh-2kxm-bkan
34
vulnerability VCID-way6-hfht-aya6
35
vulnerability VCID-xxcp-sye1-tfbz
36
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29048, GHSA-4fx8-82f3-xcpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91rc-5gz3-dbcf
4
url VCID-9u32-4n1x-77ce
vulnerability_id VCID-9u32-4n1x-77ce
summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
reference_id
reference_type
scores
0
value 0.1765
scoring_system epss
scoring_elements 0.95251
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
3
reference_url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
reference_id cve-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
6
reference_url https://github.com/advisories/GHSA-548x-j6x6-hcv4
reference_id GHSA-548x-j6x6-hcv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-548x-j6x6-hcv4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-evf7-f2j5-rqhr
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-mmy3-eycu-q7bu
9
vulnerability VCID-n2zu-prgr-dkfn
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-qfdp-4b77-uqda
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-wfhk-xspf-7yev
14
vulnerability VCID-xfq5-m4vf-cyaj
15
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce
5
url VCID-a62g-s5j4-73fr
vulnerability_id VCID-a62g-s5j4-73fr
summary User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54091
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
3
reference_url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
reference_id cve-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
6
reference_url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
reference_id GHSA-qm43-g2xj-hvg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-cn4z-f8ej-ruha
3
vulnerability VCID-epds-vwku-cyed
4
vulnerability VCID-gngs-dm98-eqc2
5
vulnerability VCID-kpwb-z5k7-bqa8
6
vulnerability VCID-p17t-h88p-zybu
7
vulnerability VCID-qaj9-m3df-7qbr
8
vulnerability VCID-t5h8-q4q5-a3em
9
vulnerability VCID-vk9f-1396-jkcp
10
vulnerability VCID-vweb-9s62-zucm
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-n512-h3fa-xbh7
6
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jau-1np8-6fd5
1
vulnerability VCID-epds-vwku-cyed
2
vulnerability VCID-evf7-f2j5-rqhr
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-mmy3-eycu-q7bu
6
vulnerability VCID-n2zu-prgr-dkfn
7
vulnerability VCID-n512-h3fa-xbh7
8
vulnerability VCID-qfdp-4b77-uqda
9
vulnerability VCID-wfhk-xspf-7yev
10
vulnerability VCID-xfq5-m4vf-cyaj
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr
6
url VCID-bmbd-g58w-z3gy
vulnerability_id VCID-bmbd-g58w-z3gy
summary Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55205
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
3
reference_url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
reference_id CVE-2021-29051
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
5
reference_url https://github.com/advisories/GHSA-jvvx-8g42-9559
reference_id GHSA-jvvx-8g42-9559
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvvx-8g42-9559
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-88u7-stft-ebdh
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-ckbc-n5n3-dka6
8
vulnerability VCID-cn4z-f8ej-ruha
9
vulnerability VCID-g52h-8r1h-dfhe
10
vulnerability VCID-gkpd-2p17-7fcq
11
vulnerability VCID-gngs-dm98-eqc2
12
vulnerability VCID-hqd6-nkr9-4ffm
13
vulnerability VCID-k469-ety8-rqby
14
vulnerability VCID-kpwb-z5k7-bqa8
15
vulnerability VCID-mqut-n4an-x3cs
16
vulnerability VCID-n634-fspx-judk
17
vulnerability VCID-p17t-h88p-zybu
18
vulnerability VCID-qaj9-m3df-7qbr
19
vulnerability VCID-shuw-qkwq-vygb
20
vulnerability VCID-t5h8-q4q5-a3em
21
vulnerability VCID-tvcx-nbr1-efc2
22
vulnerability VCID-vk9f-1396-jkcp
23
vulnerability VCID-vweb-9s62-zucm
24
vulnerability VCID-vwmh-2kxm-bkan
25
vulnerability VCID-xxcp-sye1-tfbz
26
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-88u7-stft-ebdh
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-bvbr-288p-xkak
11
vulnerability VCID-ckbc-n5n3-dka6
12
vulnerability VCID-cn4z-f8ej-ruha
13
vulnerability VCID-ed9v-m3q5-6yaq
14
vulnerability VCID-epds-vwku-cyed
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gkpd-2p17-7fcq
17
vulnerability VCID-gngs-dm98-eqc2
18
vulnerability VCID-hqd6-nkr9-4ffm
19
vulnerability VCID-jjec-4x7z-ayhz
20
vulnerability VCID-k469-ety8-rqby
21
vulnerability VCID-kpwb-z5k7-bqa8
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n634-fspx-judk
24
vulnerability VCID-p17t-h88p-zybu
25
vulnerability VCID-qaj9-m3df-7qbr
26
vulnerability VCID-qztv-899y-sbb8
27
vulnerability VCID-shuw-qkwq-vygb
28
vulnerability VCID-snty-bgwf-33bu
29
vulnerability VCID-t5h8-q4q5-a3em
30
vulnerability VCID-tgpb-tps9-wfd5
31
vulnerability VCID-tvcx-nbr1-efc2
32
vulnerability VCID-umd8-9ypn-zkdk
33
vulnerability VCID-vk9f-1396-jkcp
34
vulnerability VCID-vweb-9s62-zucm
35
vulnerability VCID-vwmh-2kxm-bkan
36
vulnerability VCID-way6-hfht-aya6
37
vulnerability VCID-xxcp-sye1-tfbz
38
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29051, GHSA-jvvx-8g42-9559
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmbd-g58w-z3gy
7
url VCID-bvbr-288p-xkak
vulnerability_id VCID-bvbr-288p-xkak
summary Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48281
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
3
reference_url https://liferay.atlassian.net/browse/LPE-17420
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17420
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
reference_id CVE-2022-28980
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_id cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
7
reference_url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
reference_id CVE-2022-28980-REFLECTED-XSS-WITH-FILTER_*-PARAMETERS-IN-APPLIED-FRAGMENT-FILTERS
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
8
reference_url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
reference_id GHSA-8mp9-w7gr-pvj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-8uqz-bc88-ybcc
5
vulnerability VCID-9u32-4n1x-77ce
6
vulnerability VCID-a62g-s5j4-73fr
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n512-h3fa-xbh7
14
vulnerability VCID-qfdp-4b77-uqda
15
vulnerability VCID-uxjd-h6fd-sbgf
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zc53-8p5g-2kcv
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
aliases CVE-2022-28980, GHSA-8mp9-w7gr-pvj3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvbr-288p-xkak
8
url VCID-ckbc-n5n3-dka6
vulnerability_id VCID-ckbc-n5n3-dka6
summary Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions do not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder-surfing attacks to steal users' password reminder answers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26285
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
reference_id cve-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:45:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
5
reference_url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
reference_id GHSA-mwhf-6mjm-6w3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29038, GHSA-mwhf-6mjm-6w3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckbc-n5n3-dka6
9
url VCID-cn4z-f8ej-ruha
vulnerability_id VCID-cn4z-f8ej-ruha
summary Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52658
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
reference_id CVE-2021-29047
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
4
reference_url https://github.com/advisories/GHSA-9mxg-p873-6793
reference_id GHSA-9mxg-p873-6793
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mxg-p873-6793
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29047, GHSA-9mxg-p873-6793
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cn4z-f8ej-ruha
10
url VCID-fer2-q3rr-2khd
vulnerability_id VCID-fer2-q3rr-2khd
summary Liferay Portal and Liferay DXP Don't Check Permissions of Pages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.30719
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17001
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17001
3
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
4
reference_url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
reference_id CVE-2021-33324
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
6
reference_url https://github.com/advisories/GHSA-474f-cmx5-gm69
reference_id GHSA-474f-cmx5-gm69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-474f-cmx5-gm69
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-88u7-stft-ebdh
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bmbd-g58w-z3gy
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-g52h-8r1h-dfhe
11
vulnerability VCID-g6wt-vwuh-cua8
12
vulnerability VCID-gkpd-2p17-7fcq
13
vulnerability VCID-gngs-dm98-eqc2
14
vulnerability VCID-hqd6-nkr9-4ffm
15
vulnerability VCID-k469-ety8-rqby
16
vulnerability VCID-kpwb-z5k7-bqa8
17
vulnerability VCID-mqut-n4an-x3cs
18
vulnerability VCID-n634-fspx-judk
19
vulnerability VCID-p17t-h88p-zybu
20
vulnerability VCID-qaj9-m3df-7qbr
21
vulnerability VCID-scdp-ugfr-yqap
22
vulnerability VCID-shuw-qkwq-vygb
23
vulnerability VCID-t5h8-q4q5-a3em
24
vulnerability VCID-tvcx-nbr1-efc2
25
vulnerability VCID-v9m5-8c56-tuhb
26
vulnerability VCID-vk9f-1396-jkcp
27
vulnerability VCID-vweb-9s62-zucm
28
vulnerability VCID-vwmh-2kxm-bkan
29
vulnerability VCID-xxcp-sye1-tfbz
30
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k1u-jptu-n3d7
1
vulnerability VCID-25ay-9z7s-47dg
2
vulnerability VCID-48hp-m4m8-cqge
3
vulnerability VCID-4qnf-vd8e-9yfr
4
vulnerability VCID-5gqq-m36a-53b6
5
vulnerability VCID-6aqp-gny4-5ffp
6
vulnerability VCID-6ejn-7nds-1qb6
7
vulnerability VCID-6gyp-c7wt-qfb5
8
vulnerability VCID-72my-1zwg-a7hx
9
vulnerability VCID-76r8-wfvh-pkg4
10
vulnerability VCID-88u7-stft-ebdh
11
vulnerability VCID-91rc-5gz3-dbcf
12
vulnerability VCID-9bfa-6qqd-d7gb
13
vulnerability VCID-9u32-4n1x-77ce
14
vulnerability VCID-9xdb-721c-hqgf
15
vulnerability VCID-a62g-s5j4-73fr
16
vulnerability VCID-ank8-p9qa-9udx
17
vulnerability VCID-b12f-kdez-2qau
18
vulnerability VCID-bmbd-g58w-z3gy
19
vulnerability VCID-bvbr-288p-xkak
20
vulnerability VCID-ckbc-n5n3-dka6
21
vulnerability VCID-cn4z-f8ej-ruha
22
vulnerability VCID-dy73-grbk-tyb6
23
vulnerability VCID-ed9v-m3q5-6yaq
24
vulnerability VCID-epds-vwku-cyed
25
vulnerability VCID-fx8b-2pzj-uyg6
26
vulnerability VCID-g52h-8r1h-dfhe
27
vulnerability VCID-g6wt-vwuh-cua8
28
vulnerability VCID-gkpd-2p17-7fcq
29
vulnerability VCID-gngs-dm98-eqc2
30
vulnerability VCID-hkq7-mdbr-hkb2
31
vulnerability VCID-hqd6-nkr9-4ffm
32
vulnerability VCID-jjec-4x7z-ayhz
33
vulnerability VCID-jrqh-vfu7-dkfh
34
vulnerability VCID-jxe5-tt8r-cbag
35
vulnerability VCID-k469-ety8-rqby
36
vulnerability VCID-kpwb-z5k7-bqa8
37
vulnerability VCID-mjr1-fwsd-xkgc
38
vulnerability VCID-mqut-n4an-x3cs
39
vulnerability VCID-msx1-y2nc-n7gt
40
vulnerability VCID-n4t4-bb8c-nub4
41
vulnerability VCID-n634-fspx-judk
42
vulnerability VCID-p17t-h88p-zybu
43
vulnerability VCID-qaj9-m3df-7qbr
44
vulnerability VCID-qztv-899y-sbb8
45
vulnerability VCID-scdp-ugfr-yqap
46
vulnerability VCID-shuw-qkwq-vygb
47
vulnerability VCID-snty-bgwf-33bu
48
vulnerability VCID-t45b-p6e7-j7ev
49
vulnerability VCID-t5h8-q4q5-a3em
50
vulnerability VCID-tgpb-tps9-wfd5
51
vulnerability VCID-tvcx-nbr1-efc2
52
vulnerability VCID-umd8-9ypn-zkdk
53
vulnerability VCID-v9m5-8c56-tuhb
54
vulnerability VCID-vk9f-1396-jkcp
55
vulnerability VCID-vweb-9s62-zucm
56
vulnerability VCID-vwmh-2kxm-bkan
57
vulnerability VCID-way6-hfht-aya6
58
vulnerability VCID-ww6r-hc6t-eqgp
59
vulnerability VCID-xxcp-sye1-tfbz
60
vulnerability VCID-yffn-r39p-nfcp
61
vulnerability VCID-yxjx-p7zs-3fec
62
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33324, GHSA-474f-cmx5-gm69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fer2-q3rr-2khd
11
url VCID-g52h-8r1h-dfhe
vulnerability_id VCID-g52h-8r1h-dfhe
summary Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
reference_id cve-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
4
reference_url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
reference_id GHSA-9vgq-w5pv-v77q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
aliases CVE-2024-25145, GHSA-9vgq-w5pv-v77q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g52h-8r1h-dfhe
12
url VCID-k469-ety8-rqby
vulnerability_id VCID-k469-ety8-rqby
summary The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40276
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
3
reference_url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
reference_id cve-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
6
reference_url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
reference_id GHSA-mf8h-grfg-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2024-25605, GHSA-mf8h-grfg-j9j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k469-ety8-rqby
13
url VCID-kpwb-z5k7-bqa8
vulnerability_id VCID-kpwb-z5k7-bqa8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36604
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
4
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
5
reference_url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id GHSA-hv45-r2f5-fmhj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-6gyp-c7wt-qfb5
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bmbd-g58w-z3gy
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-fer2-q3rr-2khd
11
vulnerability VCID-g52h-8r1h-dfhe
12
vulnerability VCID-k469-ety8-rqby
13
vulnerability VCID-mqut-n4an-x3cs
14
vulnerability VCID-n634-fspx-judk
15
vulnerability VCID-p17t-h88p-zybu
16
vulnerability VCID-qaj9-m3df-7qbr
17
vulnerability VCID-t5h8-q4q5-a3em
18
vulnerability VCID-vk9f-1396-jkcp
19
vulnerability VCID-vweb-9s62-zucm
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-k469-ety8-rqby
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-n634-fspx-judk
13
vulnerability VCID-p17t-h88p-zybu
14
vulnerability VCID-qaj9-m3df-7qbr
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-vk9f-1396-jkcp
17
vulnerability VCID-vweb-9s62-zucm
18
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-cn4z-f8ej-ruha
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-p17t-h88p-zybu
5
vulnerability VCID-qaj9-m3df-7qbr
6
vulnerability VCID-t5h8-q4q5-a3em
7
vulnerability VCID-vk9f-1396-jkcp
8
vulnerability VCID-vweb-9s62-zucm
9
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epds-vwku-cyed
1
vulnerability VCID-huvy-gpy3-v3dp
2
vulnerability VCID-mmy3-eycu-q7bu
3
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpwb-z5k7-bqa8
14
url VCID-mqut-n4an-x3cs
vulnerability_id VCID-mqut-n4an-x3cs
summary Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38474
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
3
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
4
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
5
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
6
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
7
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id cve-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
10
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4585-28v2-8h46
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25150, GHSA-4585-28v2-8h46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqut-n4an-x3cs
15
url VCID-n634-fspx-judk
vulnerability_id VCID-n634-fspx-judk
summary Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49567
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
reference_id cve-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
5
reference_url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
reference_id GHSA-qpgh-6v9w-vfv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-5gqq-m36a-53b6
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-ank8-p9qa-9udx
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-ed9v-m3q5-6yaq
11
vulnerability VCID-epds-vwku-cyed
12
vulnerability VCID-g52h-8r1h-dfhe
13
vulnerability VCID-gkpd-2p17-7fcq
14
vulnerability VCID-gngs-dm98-eqc2
15
vulnerability VCID-k469-ety8-rqby
16
vulnerability VCID-kpwb-z5k7-bqa8
17
vulnerability VCID-mqut-n4an-x3cs
18
vulnerability VCID-p17t-h88p-zybu
19
vulnerability VCID-qaj9-m3df-7qbr
20
vulnerability VCID-snty-bgwf-33bu
21
vulnerability VCID-t5h8-q4q5-a3em
22
vulnerability VCID-tgpb-tps9-wfd5
23
vulnerability VCID-uxjd-h6fd-sbgf
24
vulnerability VCID-vk9f-1396-jkcp
25
vulnerability VCID-vweb-9s62-zucm
26
vulnerability VCID-way6-hfht-aya6
27
vulnerability VCID-xxcp-sye1-tfbz
28
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2024-25149, GHSA-qpgh-6v9w-vfv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n634-fspx-judk
16
url VCID-p17t-h88p-zybu
vulnerability_id VCID-p17t-h88p-zybu
summary Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66731
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17131
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17131
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
reference_id CVE-2021-29041
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
4
reference_url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
reference_id GHSA-82j7-2h3j-hc7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29041, GHSA-82j7-2h3j-hc7f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p17t-h88p-zybu
17
url VCID-qaj9-m3df-7qbr
vulnerability_id VCID-qaj9-m3df-7qbr
summary Liferay Portal and Liferay DXP Fails to Check Permissions
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27557
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
reference_id CVE-2021-29052
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
4
reference_url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
reference_id GHSA-pr7v-qv65-rp9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29052, GHSA-pr7v-qv65-rp9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qaj9-m3df-7qbr
18
url VCID-shuw-qkwq-vygb
vulnerability_id VCID-shuw-qkwq-vygb
summary Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via a user's name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30481
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
3
reference_url https://liferay.atlassian.net/browse/LPE-17332
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17332
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
reference_id CVE-2022-28978
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
7
reference_url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id CVE-2022-28978-STORED-XSS-WITH-USER-NAME-IN-SITE-MEMBERSHIP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
8
reference_url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
reference_id GHSA-7m65-hmvg-rxpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-6gyp-c7wt-qfb5
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bmbd-g58w-z3gy
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-fer2-q3rr-2khd
11
vulnerability VCID-g52h-8r1h-dfhe
12
vulnerability VCID-k469-ety8-rqby
13
vulnerability VCID-kpwb-z5k7-bqa8
14
vulnerability VCID-mqut-n4an-x3cs
15
vulnerability VCID-n634-fspx-judk
16
vulnerability VCID-p17t-h88p-zybu
17
vulnerability VCID-qaj9-m3df-7qbr
18
vulnerability VCID-t2ys-d2mh-xygr
19
vulnerability VCID-t5h8-q4q5-a3em
20
vulnerability VCID-vk9f-1396-jkcp
21
vulnerability VCID-vweb-9s62-zucm
22
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gkpd-2p17-7fcq
10
vulnerability VCID-gngs-dm98-eqc2
11
vulnerability VCID-k469-ety8-rqby
12
vulnerability VCID-kpwb-z5k7-bqa8
13
vulnerability VCID-mqut-n4an-x3cs
14
vulnerability VCID-n634-fspx-judk
15
vulnerability VCID-p17t-h88p-zybu
16
vulnerability VCID-qaj9-m3df-7qbr
17
vulnerability VCID-t5h8-q4q5-a3em
18
vulnerability VCID-vk9f-1396-jkcp
19
vulnerability VCID-vweb-9s62-zucm
20
vulnerability VCID-vwmh-2kxm-bkan
21
vulnerability VCID-xxcp-sye1-tfbz
22
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-5gqq-m36a-53b6
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-ank8-p9qa-9udx
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-ed9v-m3q5-6yaq
11
vulnerability VCID-epds-vwku-cyed
12
vulnerability VCID-g52h-8r1h-dfhe
13
vulnerability VCID-gkpd-2p17-7fcq
14
vulnerability VCID-gngs-dm98-eqc2
15
vulnerability VCID-k469-ety8-rqby
16
vulnerability VCID-kpwb-z5k7-bqa8
17
vulnerability VCID-mqut-n4an-x3cs
18
vulnerability VCID-p17t-h88p-zybu
19
vulnerability VCID-qaj9-m3df-7qbr
20
vulnerability VCID-snty-bgwf-33bu
21
vulnerability VCID-t5h8-q4q5-a3em
22
vulnerability VCID-tgpb-tps9-wfd5
23
vulnerability VCID-uxjd-h6fd-sbgf
24
vulnerability VCID-vk9f-1396-jkcp
25
vulnerability VCID-vweb-9s62-zucm
26
vulnerability VCID-way6-hfht-aya6
27
vulnerability VCID-xxcp-sye1-tfbz
28
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2022-28978, GHSA-7m65-hmvg-rxpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shuw-qkwq-vygb
19
url VCID-t5h8-q4q5-a3em
vulnerability_id VCID-t5h8-q4q5-a3em
summary Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.64038
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
reference_id CVE-2021-29053
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
4
reference_url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
reference_id GHSA-f9wj-c5pc-g9rh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29053, GHSA-f9wj-c5pc-g9rh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5h8-q4q5-a3em
20
url VCID-vk9f-1396-jkcp
vulnerability_id VCID-vk9f-1396-jkcp
summary Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39174
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
3
reference_url https://liferay.atlassian.net/browse/LPE-17229
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17229
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
reference_id CVE-2021-38265
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
6
reference_url https://github.com/advisories/GHSA-3x83-whxw-pvmg
reference_id GHSA-3x83-whxw-pvmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x83-whxw-pvmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9ka7-ck9s-nudp
8
vulnerability VCID-9u32-4n1x-77ce
9
vulnerability VCID-a62g-s5j4-73fr
10
vulnerability VCID-ank8-p9qa-9udx
11
vulnerability VCID-b31e-vxh7-1qe8
12
vulnerability VCID-bmbd-g58w-z3gy
13
vulnerability VCID-bvbr-288p-xkak
14
vulnerability VCID-ckbc-n5n3-dka6
15
vulnerability VCID-cn4z-f8ej-ruha
16
vulnerability VCID-ed9v-m3q5-6yaq
17
vulnerability VCID-g52h-8r1h-dfhe
18
vulnerability VCID-g6wt-vwuh-cua8
19
vulnerability VCID-gngs-dm98-eqc2
20
vulnerability VCID-h9vv-1cu6-jydx
21
vulnerability VCID-hqd6-nkr9-4ffm
22
vulnerability VCID-j1vh-25uj-ukga
23
vulnerability VCID-kpwb-z5k7-bqa8
24
vulnerability VCID-kqhp-785u-nben
25
vulnerability VCID-kqsk-3dby-s3dh
26
vulnerability VCID-mqut-n4an-x3cs
27
vulnerability VCID-n512-h3fa-xbh7
28
vulnerability VCID-p17t-h88p-zybu
29
vulnerability VCID-qaj9-m3df-7qbr
30
vulnerability VCID-qztv-899y-sbb8
31
vulnerability VCID-scdp-ugfr-yqap
32
vulnerability VCID-snty-bgwf-33bu
33
vulnerability VCID-t5h8-q4q5-a3em
34
vulnerability VCID-tgpb-tps9-wfd5
35
vulnerability VCID-tvcx-nbr1-efc2
36
vulnerability VCID-txpn-fzyb-3udy
37
vulnerability VCID-umd8-9ypn-zkdk
38
vulnerability VCID-v9m5-8c56-tuhb
39
vulnerability VCID-way6-hfht-aya6
40
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38265, GHSA-3x83-whxw-pvmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9f-1396-jkcp
21
url VCID-vweb-9s62-zucm
vulnerability_id VCID-vweb-9s62-zucm
summary Liferay Portal and Liferay DXP fail to properly import users from LDAP
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.83417
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
3
reference_url https://issues.liferay.com/browse/LPE-17191
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17191
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
reference_id CVE-2021-38266
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
6
reference_url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
reference_id GHSA-jp3m-vh3g-6ggp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9ka7-ck9s-nudp
8
vulnerability VCID-9u32-4n1x-77ce
9
vulnerability VCID-a62g-s5j4-73fr
10
vulnerability VCID-ank8-p9qa-9udx
11
vulnerability VCID-b31e-vxh7-1qe8
12
vulnerability VCID-bmbd-g58w-z3gy
13
vulnerability VCID-bvbr-288p-xkak
14
vulnerability VCID-ckbc-n5n3-dka6
15
vulnerability VCID-cn4z-f8ej-ruha
16
vulnerability VCID-ed9v-m3q5-6yaq
17
vulnerability VCID-g52h-8r1h-dfhe
18
vulnerability VCID-g6wt-vwuh-cua8
19
vulnerability VCID-gngs-dm98-eqc2
20
vulnerability VCID-h9vv-1cu6-jydx
21
vulnerability VCID-hqd6-nkr9-4ffm
22
vulnerability VCID-j1vh-25uj-ukga
23
vulnerability VCID-kpwb-z5k7-bqa8
24
vulnerability VCID-kqhp-785u-nben
25
vulnerability VCID-kqsk-3dby-s3dh
26
vulnerability VCID-mqut-n4an-x3cs
27
vulnerability VCID-n512-h3fa-xbh7
28
vulnerability VCID-p17t-h88p-zybu
29
vulnerability VCID-qaj9-m3df-7qbr
30
vulnerability VCID-qztv-899y-sbb8
31
vulnerability VCID-scdp-ugfr-yqap
32
vulnerability VCID-snty-bgwf-33bu
33
vulnerability VCID-t5h8-q4q5-a3em
34
vulnerability VCID-tgpb-tps9-wfd5
35
vulnerability VCID-tvcx-nbr1-efc2
36
vulnerability VCID-txpn-fzyb-3udy
37
vulnerability VCID-umd8-9ypn-zkdk
38
vulnerability VCID-v9m5-8c56-tuhb
39
vulnerability VCID-way6-hfht-aya6
40
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38266, GHSA-jp3m-vh3g-6ggp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vweb-9s62-zucm
22
url VCID-zkm4-bz55-9bb8
vulnerability_id VCID-zkm4-bz55-9bb8
summary Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epds-vwku-cyed
1
vulnerability VCID-huvy-gpy3-v3dp
2
vulnerability VCID-mmy3-eycu-q7bu
3
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8
Fixing_vulnerabilities
0
url VCID-88u7-stft-ebdh
vulnerability_id VCID-88u7-stft-ebdh
summary HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via (1) the `redirect` parameter, (2) the `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66862
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
3
reference_url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
4
reference_url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
5
reference_url https://liferay.atlassian.net/browse/LPE-17327
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17327
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
reference_id CVE-2022-28977
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
9
reference_url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id CVE-2022-28977-HTMLUTIL.ESCAPEREDIRECT-CIRCUMVENTION-WITH-MULTIPLE-FORWARD-SLASH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
10
reference_url https://github.com/advisories/GHSA-w397-9p2j-6x23
reference_id GHSA-w397-9p2j-6x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w397-9p2j-6x23
11
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-6gyp-c7wt-qfb5
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bmbd-g58w-z3gy
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-fer2-q3rr-2khd
11
vulnerability VCID-g52h-8r1h-dfhe
12
vulnerability VCID-k469-ety8-rqby
13
vulnerability VCID-kpwb-z5k7-bqa8
14
vulnerability VCID-mqut-n4an-x3cs
15
vulnerability VCID-n634-fspx-judk
16
vulnerability VCID-p17t-h88p-zybu
17
vulnerability VCID-qaj9-m3df-7qbr
18
vulnerability VCID-shuw-qkwq-vygb
19
vulnerability VCID-t5h8-q4q5-a3em
20
vulnerability VCID-vk9f-1396-jkcp
21
vulnerability VCID-vweb-9s62-zucm
22
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gkpd-2p17-7fcq
10
vulnerability VCID-gngs-dm98-eqc2
11
vulnerability VCID-k469-ety8-rqby
12
vulnerability VCID-kpwb-z5k7-bqa8
13
vulnerability VCID-mqut-n4an-x3cs
14
vulnerability VCID-n634-fspx-judk
15
vulnerability VCID-p17t-h88p-zybu
16
vulnerability VCID-qaj9-m3df-7qbr
17
vulnerability VCID-shuw-qkwq-vygb
18
vulnerability VCID-t5h8-q4q5-a3em
19
vulnerability VCID-vk9f-1396-jkcp
20
vulnerability VCID-vweb-9s62-zucm
21
vulnerability VCID-vwmh-2kxm-bkan
22
vulnerability VCID-xxcp-sye1-tfbz
23
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-5gqq-m36a-53b6
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-ank8-p9qa-9udx
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-ed9v-m3q5-6yaq
11
vulnerability VCID-epds-vwku-cyed
12
vulnerability VCID-g52h-8r1h-dfhe
13
vulnerability VCID-gkpd-2p17-7fcq
14
vulnerability VCID-gngs-dm98-eqc2
15
vulnerability VCID-k469-ety8-rqby
16
vulnerability VCID-kpwb-z5k7-bqa8
17
vulnerability VCID-mqut-n4an-x3cs
18
vulnerability VCID-n634-fspx-judk
19
vulnerability VCID-p17t-h88p-zybu
20
vulnerability VCID-qaj9-m3df-7qbr
21
vulnerability VCID-qztv-899y-sbb8
22
vulnerability VCID-shuw-qkwq-vygb
23
vulnerability VCID-snty-bgwf-33bu
24
vulnerability VCID-t5h8-q4q5-a3em
25
vulnerability VCID-tgpb-tps9-wfd5
26
vulnerability VCID-umd8-9ypn-zkdk
27
vulnerability VCID-vk9f-1396-jkcp
28
vulnerability VCID-vweb-9s62-zucm
29
vulnerability VCID-vwmh-2kxm-bkan
30
vulnerability VCID-way6-hfht-aya6
31
vulnerability VCID-xxcp-sye1-tfbz
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
aliases CVE-2022-28977, GHSA-w397-9p2j-6x23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88u7-stft-ebdh
1
url VCID-scdp-ugfr-yqap
vulnerability_id VCID-scdp-ugfr-yqap
summary Liferay Portal and Liferay DXP have incorrect default permissions for site members
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30461
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
3
reference_url https://liferay.atlassian.net/browse/LPE-17150
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17150
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
reference_id CVE-2021-38268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
6
reference_url https://github.com/advisories/GHSA-f855-2rvm-5j7h
reference_id GHSA-f855-2rvm-5j7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f855-2rvm-5j7h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-6gyp-c7wt-qfb5
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bmbd-g58w-z3gy
7
vulnerability VCID-bvbr-288p-xkak
8
vulnerability VCID-ckbc-n5n3-dka6
9
vulnerability VCID-cn4z-f8ej-ruha
10
vulnerability VCID-fer2-q3rr-2khd
11
vulnerability VCID-g52h-8r1h-dfhe
12
vulnerability VCID-k469-ety8-rqby
13
vulnerability VCID-kpwb-z5k7-bqa8
14
vulnerability VCID-mqut-n4an-x3cs
15
vulnerability VCID-n634-fspx-judk
16
vulnerability VCID-p17t-h88p-zybu
17
vulnerability VCID-qaj9-m3df-7qbr
18
vulnerability VCID-shuw-qkwq-vygb
19
vulnerability VCID-t5h8-q4q5-a3em
20
vulnerability VCID-vk9f-1396-jkcp
21
vulnerability VCID-vweb-9s62-zucm
22
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-88u7-stft-ebdh
3
vulnerability VCID-91rc-5gz3-dbcf
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-ckbc-n5n3-dka6
8
vulnerability VCID-cn4z-f8ej-ruha
9
vulnerability VCID-g52h-8r1h-dfhe
10
vulnerability VCID-gkpd-2p17-7fcq
11
vulnerability VCID-gngs-dm98-eqc2
12
vulnerability VCID-hqd6-nkr9-4ffm
13
vulnerability VCID-k469-ety8-rqby
14
vulnerability VCID-kpwb-z5k7-bqa8
15
vulnerability VCID-mqut-n4an-x3cs
16
vulnerability VCID-n634-fspx-judk
17
vulnerability VCID-p17t-h88p-zybu
18
vulnerability VCID-qaj9-m3df-7qbr
19
vulnerability VCID-shuw-qkwq-vygb
20
vulnerability VCID-t5h8-q4q5-a3em
21
vulnerability VCID-tvcx-nbr1-efc2
22
vulnerability VCID-vk9f-1396-jkcp
23
vulnerability VCID-vweb-9s62-zucm
24
vulnerability VCID-vwmh-2kxm-bkan
25
vulnerability VCID-xxcp-sye1-tfbz
26
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-88u7-stft-ebdh
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-bvbr-288p-xkak
11
vulnerability VCID-ckbc-n5n3-dka6
12
vulnerability VCID-cn4z-f8ej-ruha
13
vulnerability VCID-ed9v-m3q5-6yaq
14
vulnerability VCID-epds-vwku-cyed
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gkpd-2p17-7fcq
17
vulnerability VCID-gngs-dm98-eqc2
18
vulnerability VCID-hqd6-nkr9-4ffm
19
vulnerability VCID-jjec-4x7z-ayhz
20
vulnerability VCID-k469-ety8-rqby
21
vulnerability VCID-kpwb-z5k7-bqa8
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n634-fspx-judk
24
vulnerability VCID-p17t-h88p-zybu
25
vulnerability VCID-qaj9-m3df-7qbr
26
vulnerability VCID-qztv-899y-sbb8
27
vulnerability VCID-shuw-qkwq-vygb
28
vulnerability VCID-snty-bgwf-33bu
29
vulnerability VCID-t5h8-q4q5-a3em
30
vulnerability VCID-tgpb-tps9-wfd5
31
vulnerability VCID-tvcx-nbr1-efc2
32
vulnerability VCID-umd8-9ypn-zkdk
33
vulnerability VCID-vk9f-1396-jkcp
34
vulnerability VCID-vweb-9s62-zucm
35
vulnerability VCID-vwmh-2kxm-bkan
36
vulnerability VCID-way6-hfht-aya6
37
vulnerability VCID-xxcp-sye1-tfbz
38
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-5gqq-m36a-53b6
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-8uqz-bc88-ybcc
5
vulnerability VCID-9ka7-ck9s-nudp
6
vulnerability VCID-9u32-4n1x-77ce
7
vulnerability VCID-a62g-s5j4-73fr
8
vulnerability VCID-ank8-p9qa-9udx
9
vulnerability VCID-b31e-vxh7-1qe8
10
vulnerability VCID-bvbr-288p-xkak
11
vulnerability VCID-ed9v-m3q5-6yaq
12
vulnerability VCID-epds-vwku-cyed
13
vulnerability VCID-evf7-f2j5-rqhr
14
vulnerability VCID-g52h-8r1h-dfhe
15
vulnerability VCID-gngs-dm98-eqc2
16
vulnerability VCID-j1vh-25uj-ukga
17
vulnerability VCID-kpwb-z5k7-bqa8
18
vulnerability VCID-kqhp-785u-nben
19
vulnerability VCID-kqsk-3dby-s3dh
20
vulnerability VCID-mqut-n4an-x3cs
21
vulnerability VCID-n512-h3fa-xbh7
22
vulnerability VCID-qztv-899y-sbb8
23
vulnerability VCID-snty-bgwf-33bu
24
vulnerability VCID-tgpb-tps9-wfd5
25
vulnerability VCID-txpn-fzyb-3udy
26
vulnerability VCID-umd8-9ypn-zkdk
27
vulnerability VCID-way6-hfht-aya6
28
vulnerability VCID-z611-svpn-m7b1
29
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
aliases CVE-2021-38268, GHSA-f855-2rvm-5j7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scdp-ugfr-yqap
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101