Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
Typemaven
Namespacecom.liferay
Namecom.liferay.dynamic.data.mapping.form.field.type
Version6.0.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.187
Latest_non_vulnerable_version6.0.187
Affected_by_vulnerabilities
0
url VCID-55az-vg3q-r7g9
vulnerability_id VCID-55az-vg3q-r7g9
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the forms, the files are stored in the document_library allowing an attacker to cause a potential DDoS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30592
published_at 2026-06-12T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30396
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
3
reference_url https://liferay.atlassian.net/browse/LPE-18177
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18177
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
reference_id CVE-2025-43762
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T19:03:43Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
6
reference_url https://github.com/advisories/GHSA-84pp-qr92-95c9
reference_id GHSA-84pp-qr92-95c9
reference_type
scores
url https://github.com/advisories/GHSA-84pp-qr92-95c9
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
aliases CVE-2025-43762, GHSA-84pp-qr92-95c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55az-vg3q-r7g9
1
url VCID-585d-yyuk-3fef
vulnerability_id VCID-585d-yyuk-3fef
summary Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43800
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1402
published_at 2026-06-11T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.14136
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43800
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43800
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43800
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800
reference_id CVE-2025-43800
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:49:07Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800
4
reference_url https://github.com/advisories/GHSA-jfv5-r382-xvwh
reference_id GHSA-jfv5-r382-xvwh
reference_type
scores
url https://github.com/advisories/GHSA-jfv5-r382-xvwh
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-55az-vg3q-r7g9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
aliases CVE-2025-43800, GHSA-jfv5-r382-xvwh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-585d-yyuk-3fef
2
url VCID-hcjh-n6r2-m7g4
vulnerability_id VCID-hcjh-n6r2-m7g4
summary Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a "Rich Text" type field to (1) a web content structure, (2) a Documents and Media Document Type , or (3) custom assets that uses the Data Engine's module Rich Text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43791
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1402
published_at 2026-06-11T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.14136
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43791
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43791
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43791
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43791
reference_id CVE-2025-43791
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T18:34:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43791
4
reference_url https://github.com/advisories/GHSA-5c6v-fqcw-w6q5
reference_id GHSA-5c6v-fqcw-w6q5
reference_type
scores
url https://github.com/advisories/GHSA-5c6v-fqcw-w6q5
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-55az-vg3q-r7g9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
aliases CVE-2025-43791, GHSA-5c6v-fqcw-w6q5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjh-n6r2-m7g4
Fixing_vulnerabilities
0
url VCID-txpn-fzyb-3udy
vulnerability_id VCID-txpn-fzyb-3udy
summary Liferay Portal and Liferay DXP allows arbitrary injection via form field
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26594
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.4954
published_at 2026-06-12T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49403
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26594
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/7c9348cc59271647cfd192c007d383d80ae9a667
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7c9348cc59271647cfd192c007d383d80ae9a667
3
reference_url https://liferay.atlassian.net/browse/LPE-17290
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17290
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text?p_r_p_assetEntryId=121612173&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612173%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text?p_r_p_assetEntryId=121612173&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612173%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26594
reference_id CVE-2022-26594
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26594
6
reference_url https://github.com/advisories/GHSA-658f-xhv4-p978
reference_id GHSA-658f-xhv4-p978
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-658f-xhv4-p978
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-55az-vg3q-r7g9
1
vulnerability VCID-585d-yyuk-3fef
2
vulnerability VCID-hcjh-n6r2-m7g4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
aliases CVE-2022-26594, GHSA-658f-xhv4-p978
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txpn-fzyb-3udy
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11