{"url":"http://public2.vulnerablecode.io/api/packages/22652?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.2.1","type":"maven","namespace":"com.liferay.portal","name":"release.portal.bom","version":"7.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.4.3.77-ga77","latest_non_vulnerable_version":"7.4.3.120-ga120","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32392?format=json","vulnerability_id":"VCID-1bjj-tjj8-pudd","summary":"Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603","reference_id":"cve-2024-25603","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T15:56:27Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603","reference_id":"CVE-2024-25603","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603"},{"reference_url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5","reference_id":"GHSA-44jg-jgjx-3xg5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25603","GHSA-44jg-jgjx-3xg5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bjj-tjj8-pudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210649?format=json","vulnerability_id":"VCID-1c5p-sera-j3bg","summary":"Exposure of Resource to Wrong Sphere in Liferay Portal","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33330","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43173","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33330"},{"reference_url":"https://issues.liferay.com/browse/LPE-17127","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17127"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747720","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747720"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33330","reference_id":"CVE-2021-33330","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33330"},{"reference_url":"https://github.com/advisories/GHSA-6xxc-4jc4-7jv3","reference_id":"GHSA-6xxc-4jc4-7jv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xxc-4jc4-7jv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23555?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33330","GHSA-6xxc-4jc4-7jv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c5p-sera-j3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144247?format=json","vulnerability_id":"VCID-389t-vg2c-cbg6","summary":"In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57129","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949","reference_id":"cve-2023-33949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:48:38Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949"},{"reference_url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7","reference_id":"GHSA-g9mr-9xfc-4gf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22461?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-33949","GHSA-g9mr-9xfc-4gf7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-389t-vg2c-cbg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41341?format=json","vulnerability_id":"VCID-48hp-m4m8-cqge","summary":"In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45224","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267","reference_id":"cve-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267","reference_id":"CVE-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267"},{"reference_url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv","reference_id":"GHSA-2mvj-q2q3-wxjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29158?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26"},{"url":"http://public2.vulnerablecode.io/api/packages/28822?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-26267","GHSA-2mvj-q2q3-wxjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32544?format=json","vulnerability_id":"VCID-5gqq-m36a-53b6","summary":"Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601","reference_id":"cve-2024-25601","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T14:15:10Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601","reference_id":"CVE-2024-25601","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601"},{"reference_url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5","reference_id":"GHSA-cr36-3vqf-x5w5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25601","GHSA-cr36-3vqf-x5w5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gqq-m36a-53b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211444?format=json","vulnerability_id":"VCID-6e5j-scss-jucz","summary":"Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42756","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414","reference_id":"CVE-2022-41414","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414"},{"reference_url":"https://github.com/advisories/GHSA-9427-7f65-88c8","reference_id":"GHSA-9427-7f65-88c8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9427-7f65-88c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2022-41414","GHSA-9427-7f65-88c8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e5j-scss-jucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210479?format=json","vulnerability_id":"VCID-6ejn-7nds-1qb6","summary":"Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33333","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52208","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33333"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17032","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17032"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33333","reference_id":"CVE-2021-33333","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33333"},{"reference_url":"https://github.com/advisories/GHSA-g7xc-m762-wg8f","reference_id":"GHSA-g7xc-m762-wg8f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g7xc-m762-wg8f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/500398?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33333","GHSA-g7xc-m762-wg8f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ejn-7nds-1qb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32554?format=json","vulnerability_id":"VCID-6jw2-chce-suhn","summary":"The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27316","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607","reference_id":"cve-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607","reference_id":"CVE-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607"},{"reference_url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm","reference_id":"GHSA-43h9-p3j4-39hm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25607","GHSA-43h9-p3j4-39hm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw2-chce-suhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32561?format=json","vulnerability_id":"VCID-72my-1zwg-a7hx","summary":"The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55238","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144","reference_id":"cve-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144","reference_id":"CVE-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144"},{"reference_url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v","reference_id":"GHSA-w275-m8cr-hf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28822?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-25144","GHSA-w275-m8cr-hf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72my-1zwg-a7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210413?format=json","vulnerability_id":"VCID-76r8-wfvh-pkg4","summary":"Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29040","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61266","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29040"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429"},{"reference_url":"https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29040","reference_id":"CVE-2021-29040","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29040"},{"reference_url":"https://github.com/advisories/GHSA-87x7-pwrx-jch7","reference_id":"GHSA-87x7-pwrx-jch7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87x7-pwrx-jch7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23363?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fmsa-bc5s-s3e7"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-29040","GHSA-87x7-pwrx-jch7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76r8-wfvh-pkg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322077?format=json","vulnerability_id":"VCID-9bfa-6qqd-d7gb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48463","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396"},{"reference_url":"https://github.com/advisories/GHSA-8j5r-9687-88w5","reference_id":"GHSA-8j5r-9687-88w5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8j5r-9687-88w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19590?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2020-13444","GHSA-8j5r-9687-88w5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bfa-6qqd-d7gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32585?format=json","vulnerability_id":"VCID-9u32-4n1x-77ce","summary":"HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608","reference_id":"","reference_type":"","scores":[{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608","reference_id":"cve-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608","reference_id":"CVE-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608"},{"reference_url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4","reference_id":"GHSA-548x-j6x6-hcv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29149?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19"},{"url":"http://public2.vulnerablecode.io/api/packages/587552?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20"}],"aliases":["CVE-2024-25608","GHSA-548x-j6x6-hcv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165844?format=json","vulnerability_id":"VCID-9v1n-scdh-a3du","summary":"Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58686","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320","reference_id":"cve-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:24:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320","reference_id":"CVE-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320"},{"reference_url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw","reference_id":"GHSA-mc8m-4r3w-q2hw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29126?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2022-45320","GHSA-mc8m-4r3w-q2hw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v1n-scdh-a3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41619?format=json","vulnerability_id":"VCID-a62g-s5j4-73fr","summary":"User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54091","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268","reference_id":"cve-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268","reference_id":"CVE-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268"},{"reference_url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5","reference_id":"GHSA-qm43-g2xj-hvg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29161?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27"},{"url":"http://public2.vulnerablecode.io/api/packages/27861?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28"}],"aliases":["CVE-2024-26268","GHSA-qm43-g2xj-hvg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32244?format=json","vulnerability_id":"VCID-ank8-p9qa-9udx","summary":"Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146","reference_id":"cve-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146","reference_id":"CVE-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146"},{"reference_url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x","reference_id":"GHSA-mqf8-4cqm-p83x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28818?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25146","GHSA-mqf8-4cqm-p83x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ank8-p9qa-9udx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/325718?format=json","vulnerability_id":"VCID-ar4h-r3ga-w7gt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24554","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71138","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24554"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24554","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24554"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956"},{"reference_url":"https://github.com/advisories/GHSA-mg53-xr8m-86hw","reference_id":"GHSA-mg53-xr8m-86hw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg53-xr8m-86hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23555?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2020-24554","GHSA-mg53-xr8m-86hw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar4h-r3ga-w7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210480?format=json","vulnerability_id":"VCID-b12f-kdez-2qau","summary":"Liferay Portal and Liferay DXP Fails to Properly Check User Permissions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23897","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17039","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17039"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334","reference_id":"CVE-2021-33334","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334"},{"reference_url":"https://github.com/advisories/GHSA-g37f-j8hh-736f","reference_id":"GHSA-g37f-j8hh-736f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g37f-j8hh-736f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/500398?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33334","GHSA-g37f-j8hh-736f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b12f-kdez-2qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147894?format=json","vulnerability_id":"VCID-b4t3-pryv-x3a7","summary":"Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47798","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40274","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47798"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798","reference_id":"cve-2023-47798","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:49:56Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47798","reference_id":"CVE-2023-47798","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47798"},{"reference_url":"https://github.com/advisories/GHSA-2mx7-xvfg-fg53","reference_id":"GHSA-2mx7-xvfg-fg53","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mx7-xvfg-fg53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22461?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-47798","GHSA-2mx7-xvfg-fg53"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4t3-pryv-x3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210418?format=json","vulnerability_id":"VCID-bmbd-g58w-z3gy","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051","reference_id":"CVE-2021-29051","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051"},{"reference_url":"https://github.com/advisories/GHSA-jvvx-8g42-9559","reference_id":"GHSA-jvvx-8g42-9559","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvvx-8g42-9559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29051","GHSA-jvvx-8g42-9559"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmbd-g58w-z3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32605?format=json","vulnerability_id":"VCID-cn1e-v8j7-mfhp","summary":"Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604","reference_id":"cve-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:38:45Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604","reference_id":"CVE-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604"},{"reference_url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg","reference_id":"GHSA-pw7p-3648-qqmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25604","GHSA-pw7p-3648-qqmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn1e-v8j7-mfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32173?format=json","vulnerability_id":"VCID-d3cx-1jmf-cfc4","summary":"The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6268","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151","reference_id":"cve-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:59:16Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151","reference_id":"CVE-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151"},{"reference_url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f","reference_id":"GHSA-hgr6-6hhw-883f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27867?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2024-25151","GHSA-hgr6-6hhw-883f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3cx-1jmf-cfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322078?format=json","vulnerability_id":"VCID-dy73-grbk-tyb6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13445","reference_id":"","reference_type":"","scores":[{"value":"0.0371","scoring_system":"epss","scoring_elements":"0.88233","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13445"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13445","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13445"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"},{"reference_url":"https://github.com/advisories/GHSA-v377-8f8f-532h","reference_id":"GHSA-v377-8f8f-532h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v377-8f8f-532h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19590?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2020-13445","GHSA-v377-8f8f-532h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dy73-grbk-tyb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32492?format=json","vulnerability_id":"VCID-ed9v-m3q5-6yaq","summary":"Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64421","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602","reference_id":"cve-2024-25602","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:23:34Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602","reference_id":"CVE-2024-25602","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602"},{"reference_url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr","reference_id":"GHSA-v2xq-m22w-jmpr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25602","GHSA-v2xq-m22w-jmpr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed9v-m3q5-6yaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41467?format=json","vulnerability_id":"VCID-efzj-vsre-1ygm","summary":"The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265","reference_id":"cve-2024-26265","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:41:28Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265","reference_id":"CVE-2024-26265","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265"},{"reference_url":"https://github.com/advisories/GHSA-29xx-fhff-36m7","reference_id":"GHSA-29xx-fhff-36m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29xx-fhff-36m7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29126?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2024-26265","GHSA-29xx-fhff-36m7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efzj-vsre-1ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127620?format=json","vulnerability_id":"VCID-epds-vwku-cyed","summary":"A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36299","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760","reference_id":"CVE-2025-3760","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760"},{"reference_url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp","reference_id":"GHSA-qhp6-vp7c-g7xp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376541?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-jpgh-rqqn-x7ge"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132"}],"aliases":["CVE-2025-3760","GHSA-qhp6-vp7c-g7xp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210491?format=json","vulnerability_id":"VCID-fer2-q3rr-2khd","summary":"Liferay Portal and Liferay DXP Don't Check Permissions of Pages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33324","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30719","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33324"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17001","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17001"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"},{"reference_url":"https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33324","reference_id":"CVE-2021-33324","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33324"},{"reference_url":"https://github.com/advisories/GHSA-474f-cmx5-gm69","reference_id":"GHSA-474f-cmx5-gm69","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-474f-cmx5-gm69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19590?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2021-33324","GHSA-474f-cmx5-gm69"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fer2-q3rr-2khd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32281?format=json","vulnerability_id":"VCID-g52h-8r1h-dfhe","summary":"Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145","reference_id":"cve-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145","reference_id":"CVE-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145"},{"reference_url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q","reference_id":"GHSA-9vgq-w5pv-v77q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28806?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12"}],"aliases":["CVE-2024-25145","GHSA-9vgq-w5pv-v77q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g52h-8r1h-dfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210425?format=json","vulnerability_id":"VCID-g6wt-vwuh-cua8","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044","reference_id":"CVE-2021-29044","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044"},{"reference_url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr","reference_id":"GHSA-wcr5-3q96-c2gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29044","GHSA-wcr5-3q96-c2gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6wt-vwuh-cua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60411?format=json","vulnerability_id":"VCID-gngs-dm98-eqc2","summary":"Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993","reference_id":"CVE-2024-11993","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993"},{"reference_url":"https://github.com/advisories/GHSA-4hxr-28mv-q729","reference_id":"GHSA-4hxr-28mv-q729","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4hxr-28mv-q729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372328?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39"}],"aliases":["CVE-2024-11993","GHSA-4hxr-28mv-q729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gngs-dm98-eqc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210169?format=json","vulnerability_id":"VCID-hkq7-mdbr-hkb2","summary":"Liferay Portal and Liferay DXP Bypass via Double Encoded URL","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15840","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41229","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15840"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17046","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17046"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15840","reference_id":"CVE-2020-15840","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15840"},{"reference_url":"https://github.com/advisories/GHSA-vrwx-q9pj-x488","reference_id":"GHSA-vrwx-q9pj-x488","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrwx-q9pj-x488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22461?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2020-15840","GHSA-vrwx-q9pj-x488"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkq7-mdbr-hkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166477?format=json","vulnerability_id":"VCID-hpqu-qfg1-rygw","summary":"The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5587","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130","reference_id":"cve-2022-42130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130","reference_id":"CVE-2022-42130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130"},{"reference_url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw","reference_id":"GHSA-mxvq-cv4x-p3jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17447","reference_id":"LPE-17447","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://issues.liferay.com/browse/LPE-17447"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-42130","GHSA-mxvq-cv4x-p3jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqu-qfg1-rygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41348?format=json","vulnerability_id":"VCID-jh4y-y7np-9fav","summary":"Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266","reference_id":"cve-2024-26266","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:43:41Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266","reference_id":"CVE-2024-26266","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266"},{"reference_url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75","reference_id":"GHSA-rwxc-4cmw-7x75","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-26266","GHSA-rwxc-4cmw-7x75"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4y-y7np-9fav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210477?format=json","vulnerability_id":"VCID-jrqh-vfu7-dkfh","summary":"Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58286","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17022","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17022"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331","reference_id":"CVE-2021-33331","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331"},{"reference_url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8","reference_id":"GHSA-mj8w-h522-jwm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/500397?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1"}],"aliases":["CVE-2021-33331","GHSA-mj8w-h522-jwm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrqh-vfu7-dkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210497?format=json","vulnerability_id":"VCID-jxe5-tt8r-cbag","summary":"Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33338","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29013","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33338"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17030","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17030"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33338","reference_id":"CVE-2021-33338","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33338"},{"reference_url":"https://github.com/advisories/GHSA-4frg-rpx6-96qh","reference_id":"GHSA-4frg-rpx6-96qh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4frg-rpx6-96qh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23555?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33338","GHSA-4frg-rpx6-96qh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxe5-tt8r-cbag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32590?format=json","vulnerability_id":"VCID-k469-ety8-rqby","summary":"The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605","reference_id":"cve-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605","reference_id":"CVE-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605"},{"reference_url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3","reference_id":"GHSA-mf8h-grfg-j9j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25605","GHSA-mf8h-grfg-j9j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k469-ety8-rqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/323137?format=json","vulnerability_id":"VCID-k644-swhk-k7b1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15841","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15841"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-16928","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-16928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15841","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15841"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439"},{"reference_url":"https://github.com/advisories/GHSA-773f-f929-qgjj","reference_id":"GHSA-773f-f929-qgjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-773f-f929-qgjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23374?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-389t-vg2c-cbg6"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-b4t3-pryv-x3a7"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hkq7-mdbr-hkb2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-usat-g9cd-a3h2"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-15841","GHSA-773f-f929-qgjj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k644-swhk-k7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210492?format=json","vulnerability_id":"VCID-m2ex-r993-6qcp","summary":"Liferay Portal and Liferay DXP insecure default configuration","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33321","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54879","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33321"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/06df28c5ad618afed967fa485418e6cc29c70f38","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/06df28c5ad618afed967fa485418e6cc29c70f38"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/37de1d78d9b1c4a473e3233a6ea146c741075e18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/37de1d78d9b1c4a473e3233a6ea146c741075e18"},{"reference_url":"https://help.liferay.com/hc/en-us/articles/360050785632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.liferay.com/hc/en-us/articles/360050785632"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748055","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748055"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33321","reference_id":"CVE-2021-33321","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33321"},{"reference_url":"https://github.com/advisories/GHSA-jfch-m2x3-2v66","reference_id":"GHSA-jfch-m2x3-2v66","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfch-m2x3-2v66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23555?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33321","GHSA-jfch-m2x3-2v66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ex-r993-6qcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/331140?format=json","vulnerability_id":"VCID-mfve-xz2s-mya2","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"0.03394","scoring_system":"epss","scoring_elements":"0.87681","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7934"},{"reference_url":"https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7934"},{"reference_url":"https://web.archive.org/web/20200808034429/https://semanticbits.com/liferay-portal-authenticated-xss-disclosure","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200808034429/https://semanticbits.com/liferay-portal-authenticated-xss-disclosure"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49091.txt","reference_id":"CVE-2020-7934","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49091.txt"},{"reference_url":"https://github.com/advisories/GHSA-f99h-h678-fgg4","reference_id":"GHSA-f99h-h678-fgg4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f99h-h678-fgg4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23374?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-389t-vg2c-cbg6"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-b4t3-pryv-x3a7"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hkq7-mdbr-hkb2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-usat-g9cd-a3h2"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-7934","GHSA-f99h-h678-fgg4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfve-xz2s-mya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32565?format=json","vulnerability_id":"VCID-mqut-n4an-x3cs","summary":"Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38474","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150","reference_id":"cve-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150"},{"reference_url":"https://github.com/advisories/GHSA-4585-28v2-8h46","reference_id":"GHSA-4585-28v2-8h46","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4585-28v2-8h46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27028?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j2r3-g95d-hued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4"},{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25150","GHSA-4585-28v2-8h46"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqut-n4an-x3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210483?format=json","vulnerability_id":"VCID-n4t4-bb8c-nub4","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17100","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17100"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328","reference_id":"CVE-2021-33328","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328"},{"reference_url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c","reference_id":"GHSA-vpvm-3wfw-5f5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23363?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fmsa-bc5s-s3e7"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33328","GHSA-vpvm-3wfw-5f5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t4-bb8c-nub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32282?format=json","vulnerability_id":"VCID-n634-fspx-judk","summary":"Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149","reference_id":"cve-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149","reference_id":"CVE-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149"},{"reference_url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6","reference_id":"GHSA-qpgh-6v9w-vfv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25149","GHSA-qpgh-6v9w-vfv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n634-fspx-judk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144047?format=json","vulnerability_id":"VCID-ph4a-tj1g-ykc8","summary":"Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939","reference_id":"cve-2023-33939","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939"},{"reference_url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc","reference_id":"GHSA-53mw-69qx-q4fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29159?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2023-33939","GHSA-53mw-69qx-q4fc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4a-tj1g-ykc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/323138?format=json","vulnerability_id":"VCID-qcxr-ayvy-z3h2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15842","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69067","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15842"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-16963","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-16963"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15842","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15842"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427"},{"reference_url":"https://github.com/advisories/GHSA-mg3r-9jh8-33r9","reference_id":"GHSA-mg3r-9jh8-33r9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mg3r-9jh8-33r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23374?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-389t-vg2c-cbg6"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-b4t3-pryv-x3a7"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hkq7-mdbr-hkb2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-usat-g9cd-a3h2"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-15842","GHSA-mg3r-9jh8-33r9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxr-ayvy-z3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32370?format=json","vulnerability_id":"VCID-qztv-899y-sbb8","summary":"Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34833","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147","reference_id":"cve-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:15:43Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147","reference_id":"CVE-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147"},{"reference_url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx","reference_id":"GHSA-xpjg-7hx7-wgcx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587544?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1"}],"aliases":["CVE-2024-25147","GHSA-xpjg-7hx7-wgcx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qztv-899y-sbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32541?format=json","vulnerability_id":"VCID-rn7g-6h98-duek","summary":"The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73478","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143","reference_id":"cve-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T20:07:01Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143","reference_id":"CVE-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143"},{"reference_url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh","reference_id":"GHSA-87m3-6qj3-p3xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20152?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-z611-svpn-m7b1"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.7"}],"aliases":["CVE-2024-25143","GHSA-87m3-6qj3-p3xh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn7g-6h98-duek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166388?format=json","vulnerability_id":"VCID-t2ys-d2mh-xygr","summary":"The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"cve-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132","reference_id":"CVE-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132"},{"reference_url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"CVE-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg","reference_id":"GHSA-f43m-hhj4-q3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17438","reference_id":"LPE-17438","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://issues.liferay.com/browse/LPE-17438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2022-42132","GHSA-f43m-hhj4-q3jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ys-d2mh-xygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32286?format=json","vulnerability_id":"VCID-tgpb-tps9-wfd5","summary":"Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152","reference_id":"cve-2024-25152","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T19:54:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152","reference_id":"CVE-2024-25152","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152"},{"reference_url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j","reference_id":"GHSA-p28x-4r5h-ph6j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25152","GHSA-p28x-4r5h-ph6j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpb-tps9-wfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166398?format=json","vulnerability_id":"VCID-trgc-963v-9ue4","summary":"Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31979","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131","reference_id":"cve-2022-42131","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131","reference_id":"CVE-2022-42131","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131"},{"reference_url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2","reference_id":"GHSA-cx84-43xc-3gm2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17377","reference_id":"LPE-17377","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://issues.liferay.com/browse/LPE-17377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27867?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2022-42131","GHSA-cx84-43xc-3gm2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trgc-963v-9ue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32167?format=json","vulnerability_id":"VCID-umd8-9ypn-zkdk","summary":"In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63204","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148","reference_id":"cve-2024-25148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T17:33:36Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148","reference_id":"CVE-2024-25148","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148"},{"reference_url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm","reference_id":"GHSA-qwj8-qgpr-8crm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28818?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25148","GHSA-qwj8-qgpr-8crm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umd8-9ypn-zkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144096?format=json","vulnerability_id":"VCID-usat-g9cd-a3h2","summary":"Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33937","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33937"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33937","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33937"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33937","reference_id":"cve-2023-33937","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:46:27Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33937"},{"reference_url":"https://github.com/advisories/GHSA-v6m2-j92j-2h78","reference_id":"GHSA-v6m2-j92j-2h78","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6m2-j92j-2h78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22461?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4qnf-vd8e-9yfr"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-33937","GHSA-v6m2-j92j-2h78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usat-g9cd-a3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32181?format=json","vulnerability_id":"VCID-uu4f-gvmj-7key","summary":"In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28249","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610","reference_id":"cve-2024-25610","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T13:32:33Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610","reference_id":"CVE-2024-25610","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610"},{"reference_url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh","reference_id":"GHSA-vvpf-53qx-cxhh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29159?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2024-25610","GHSA-vvpf-53qx-cxhh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu4f-gvmj-7key"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32378?format=json","vulnerability_id":"VCID-uxjd-h6fd-sbgf","summary":"HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609","reference_id":"cve-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609","reference_id":"CVE-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609"},{"reference_url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r","reference_id":"GHSA-3qq5-wcrx-4h8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13"},{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25609","GHSA-3qq5-wcrx-4h8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxjd-h6fd-sbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210420?format=json","vulnerability_id":"VCID-v9m5-8c56-tuhb","summary":"Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42597","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043","reference_id":"CVE-2021-29043","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043"},{"reference_url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv","reference_id":"GHSA-xx2h-2hf5-v7vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29043","GHSA-xx2h-2hf5-v7vv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9m5-8c56-tuhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210275?format=json","vulnerability_id":"VCID-w4dj-rmf3-u7ej","summary":"Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25476","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64086","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25476"},{"reference_url":"https://github.com/community-security-team/liferay-portal/compare/7.1.3-ga4...7.1.3-cumulative.patch","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/community-security-team/liferay-portal/compare/7.1.3-ga4...7.1.3-cumulative.patch"},{"reference_url":"https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25476","reference_id":"CVE-2020-25476","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25476"},{"reference_url":"https://github.com/advisories/GHSA-pvpg-9553-f979","reference_id":"GHSA-pvpg-9553-f979","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvpg-9553-f979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/500395?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-389t-vg2c-cbg6"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6ejn-7nds-1qb6"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-9bfa-6qqd-d7gb"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-b12f-kdez-2qau"},{"vulnerability":"VCID-b4t3-pryv-x3a7"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-dy73-grbk-tyb6"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hkq7-mdbr-hkb2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jrqh-vfu7-dkfh"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k644-swhk-k7b1"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mfve-xz2s-mya2"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qcxr-ayvy-z3h2"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-usat-g9cd-a3h2"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-yxjx-p7zs-3fec"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.1-1"}],"aliases":["CVE-2020-25476","GHSA-pvpg-9553-f979"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4dj-rmf3-u7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88820?format=json","vulnerability_id":"VCID-whty-vwsm-t7gt","summary":"Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10981","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17839","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17839"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748","reference_id":"CVE-2025-43748","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748"},{"reference_url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p","reference_id":"GHSA-p9gc-59hf-x48p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377797?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120"},{"url":"http://public2.vulnerablecode.io/api/packages/787947?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-jpgh-rqqn-x7ge"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125"}],"aliases":["CVE-2025-43748","GHSA-p9gc-59hf-x48p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whty-vwsm-t7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210501?format=json","vulnerability_id":"VCID-ww6r-hc6t-eqgp","summary":"Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33335","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70873","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33335"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17103","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17103"},{"reference_url":"https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33335","reference_id":"CVE-2021-33335","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33335"},{"reference_url":"https://github.com/advisories/GHSA-5gh9-g62h-f35m","reference_id":"GHSA-5gh9-g62h-f35m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gh9-g62h-f35m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23363?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fmsa-bc5s-s3e7"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33335","GHSA-5gh9-g62h-f35m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww6r-hc6t-eqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32263?format=json","vulnerability_id":"VCID-xy7e-q9wh-fkh4","summary":"XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606","reference_id":"cve-2024-25606","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T13:32:40Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606","reference_id":"CVE-2024-25606","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606"},{"reference_url":"https://github.com/advisories/GHSA-869h-qhfx-w939","reference_id":"GHSA-869h-qhfx-w939","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-869h-qhfx-w939"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29141?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8"}],"aliases":["CVE-2024-25606","GHSA-869h-qhfx-w939"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy7e-q9wh-fkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210498?format=json","vulnerability_id":"VCID-yffn-r39p-nfcp","summary":"Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33339","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3825","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33339"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17102","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17102"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33339","reference_id":"CVE-2021-33339","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33339"},{"reference_url":"https://github.com/advisories/GHSA-7pxh-q6jw-6xj8","reference_id":"GHSA-7pxh-q6jw-6xj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pxh-q6jw-6xj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23363?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fmsa-bc5s-s3e7"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33339","GHSA-7pxh-q6jw-6xj8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yffn-r39p-nfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41350?format=json","vulnerability_id":"VCID-yp7c-xgj7-s3h2","summary":"Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34833","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269","reference_id":"cve-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:16:54Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269","reference_id":"CVE-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269"},{"reference_url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm","reference_id":"GHSA-rwhv-hvj2-qrqm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29243?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38"}],"aliases":["CVE-2024-26269","GHSA-rwhv-hvj2-qrqm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp7c-xgj7-s3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210478?format=json","vulnerability_id":"VCID-yxjx-p7zs-3fec","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33332","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34766","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33332"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17053","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17053"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33332","reference_id":"CVE-2021-33332","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33332"},{"reference_url":"https://github.com/advisories/GHSA-9995-qvcg-x7g6","reference_id":"GHSA-9995-qvcg-x7g6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9995-qvcg-x7g6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/500398?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-1c5p-sera-j3bg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-76r8-wfvh-pkg4"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-ar4h-r3ga-w7gt"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-fx8b-2pzj-uyg6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-jxe5-tt8r-cbag"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-m2ex-r993-6qcp"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n4t4-bb8c-nub4"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-sqsw-skt9-93dt"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-ww6r-hc6t-eqgp"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yffn-r39p-nfcp"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33332","GHSA-9995-qvcg-x7g6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxjx-p7zs-3fec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138648?format=json","vulnerability_id":"VCID-zkm4-bz55-9bb8","summary":"Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940"},{"reference_url":"https://github.com/advisories/GHSA-px38-239g-x5mg","reference_id":"GHSA-px38-239g-x5mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-px38-239g-x5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372310?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d49a-szjx-jub1"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k7dn-nb9d-ckdk"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pac3-4jrs-pqdg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-twyc-srx8-fudj"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88"}],"aliases":["CVE-2023-37940","GHSA-px38-239g-x5mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34499?format=json","vulnerability_id":"VCID-zn2s-8c79-x7h3","summary":"The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173\n does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59949","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980","reference_id":"CVE-2024-8980","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980"},{"reference_url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3","reference_id":"GHSA-chj2-4vg7-hhg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371922?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102"},{"url":"http://public2.vulnerablecode.io/api/packages/696549?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k7dn-nb9d-ckdk"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103"}],"aliases":["CVE-2024-8980","GHSA-chj2-4vg7-hhg3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zn2s-8c79-x7h3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.1"}