{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","type":"maven","namespace":"com.liferay.portal","name":"release.portal.bom","version":"7.3.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32392?format=json","vulnerability_id":"VCID-1bjj-tjj8-pudd","summary":"Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35874","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603","reference_id":"cve-2024-25603","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T15:56:27Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603","reference_id":"CVE-2024-25603","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603"},{"reference_url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5","reference_id":"GHSA-44jg-jgjx-3xg5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25603","GHSA-44jg-jgjx-3xg5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bjj-tjj8-pudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41341?format=json","vulnerability_id":"VCID-48hp-m4m8-cqge","summary":"In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45373","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45224","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267","reference_id":"cve-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267","reference_id":"CVE-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267"},{"reference_url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv","reference_id":"GHSA-2mvj-q2q3-wxjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29158?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26"},{"url":"http://public2.vulnerablecode.io/api/packages/28822?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-26267","GHSA-2mvj-q2q3-wxjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32544?format=json","vulnerability_id":"VCID-5gqq-m36a-53b6","summary":"Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35874","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601","reference_id":"cve-2024-25601","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T14:15:10Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601","reference_id":"CVE-2024-25601","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601"},{"reference_url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5","reference_id":"GHSA-cr36-3vqf-x5w5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25601","GHSA-cr36-3vqf-x5w5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gqq-m36a-53b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211444?format=json","vulnerability_id":"VCID-6e5j-scss-jucz","summary":"Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42916","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42756","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414","reference_id":"CVE-2022-41414","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414"},{"reference_url":"https://github.com/advisories/GHSA-9427-7f65-88c8","reference_id":"GHSA-9427-7f65-88c8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9427-7f65-88c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2022-41414","GHSA-9427-7f65-88c8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e5j-scss-jucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37371?format=json","vulnerability_id":"VCID-6jsv-kw7h-9yeu","summary":"The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38002","reference_id":"","reference_type":"","scores":[{"value":"0.04275","scoring_system":"epss","scoring_elements":"0.89122","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04275","scoring_system":"epss","scoring_elements":"0.89084","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38002"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38002","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38002"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002","reference_id":"CVE-2024-38002","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:21:03Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002"},{"reference_url":"https://github.com/advisories/GHSA-3mfq-fp2f-vwqh","reference_id":"GHSA-3mfq-fp2f-vwqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3mfq-fp2f-vwqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33988?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112"}],"aliases":["CVE-2024-38002","GHSA-3mfq-fp2f-vwqh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jsv-kw7h-9yeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32554?format=json","vulnerability_id":"VCID-6jw2-chce-suhn","summary":"The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27316","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27518","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607","reference_id":"cve-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607","reference_id":"CVE-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607"},{"reference_url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm","reference_id":"GHSA-43h9-p3j4-39hm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25607","GHSA-43h9-p3j4-39hm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw2-chce-suhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32561?format=json","vulnerability_id":"VCID-72my-1zwg-a7hx","summary":"The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5536","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55238","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144","reference_id":"cve-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144","reference_id":"CVE-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144"},{"reference_url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v","reference_id":"GHSA-w275-m8cr-hf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28822?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-25144","GHSA-w275-m8cr-hf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72my-1zwg-a7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143947?format=json","vulnerability_id":"VCID-7ffj-jw2k-m3a6","summary":"Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33938","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5418","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54054","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33938"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33938","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33938"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938","reference_id":"cve-2023-33938","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:46:09Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938"},{"reference_url":"https://github.com/advisories/GHSA-wvhw-5m89-64gv","reference_id":"GHSA-wvhw-5m89-64gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvhw-5m89-64gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23590?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1"}],"aliases":["CVE-2023-33938","GHSA-wvhw-5m89-64gv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ffj-jw2k-m3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165437?format=json","vulnerability_id":"VCID-88u7-stft-ebdh","summary":"HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28977","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66955","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66862","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28977"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17327","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17327"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28977","reference_id":"CVE-2022-28977","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28977"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash","reference_id":"cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash"},{"reference_url":"https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash","reference_id":"CVE-2022-28977-HTMLUTIL.ESCAPEREDIRECT-CIRCUMVENTION-WITH-MULTIPLE-FORWARD-SLASH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash"},{"reference_url":"https://github.com/advisories/GHSA-w397-9p2j-6x23","reference_id":"GHSA-w397-9p2j-6x23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w397-9p2j-6x23"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/"}],"url":"http://liferay.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27028?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j2r3-g95d-hued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4"},{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-28977","GHSA-w397-9p2j-6x23"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88u7-stft-ebdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32585?format=json","vulnerability_id":"VCID-9u32-4n1x-77ce","summary":"HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608","reference_id":"","reference_type":"","scores":[{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95266","published_at":"2026-06-12T12:55:00Z"},{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608","reference_id":"cve-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608","reference_id":"CVE-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608"},{"reference_url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4","reference_id":"GHSA-548x-j6x6-hcv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29149?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19"},{"url":"http://public2.vulnerablecode.io/api/packages/587552?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20"}],"aliases":["CVE-2024-25608","GHSA-548x-j6x6-hcv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165844?format=json","vulnerability_id":"VCID-9v1n-scdh-a3du","summary":"Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58797","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320","reference_id":"cve-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:24:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320","reference_id":"CVE-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320"},{"reference_url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw","reference_id":"GHSA-mc8m-4r3w-q2hw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29126?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2022-45320","GHSA-mc8m-4r3w-q2hw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v1n-scdh-a3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41619?format=json","vulnerability_id":"VCID-a62g-s5j4-73fr","summary":"User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54216","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54091","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268","reference_id":"cve-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268","reference_id":"CVE-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268"},{"reference_url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5","reference_id":"GHSA-qm43-g2xj-hvg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29161?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27"},{"url":"http://public2.vulnerablecode.io/api/packages/27861?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28"}],"aliases":["CVE-2024-26268","GHSA-qm43-g2xj-hvg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32244?format=json","vulnerability_id":"VCID-ank8-p9qa-9udx","summary":"Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60402","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146","reference_id":"cve-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146","reference_id":"CVE-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146"},{"reference_url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x","reference_id":"GHSA-mqf8-4cqm-p83x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28818?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25146","GHSA-mqf8-4cqm-p83x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ank8-p9qa-9udx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32605?format=json","vulnerability_id":"VCID-cn1e-v8j7-mfhp","summary":"Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25574","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604","reference_id":"cve-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:38:45Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604","reference_id":"CVE-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604"},{"reference_url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg","reference_id":"GHSA-pw7p-3648-qqmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25604","GHSA-pw7p-3648-qqmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn1e-v8j7-mfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32173?format=json","vulnerability_id":"VCID-d3cx-1jmf-cfc4","summary":"The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62782","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6268","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151","reference_id":"cve-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:59:16Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151","reference_id":"CVE-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151"},{"reference_url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f","reference_id":"GHSA-hgr6-6hhw-883f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27867?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2024-25151","GHSA-hgr6-6hhw-883f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3cx-1jmf-cfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32492?format=json","vulnerability_id":"VCID-ed9v-m3q5-6yaq","summary":"Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64421","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64523","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602","reference_id":"cve-2024-25602","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:23:34Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602","reference_id":"CVE-2024-25602","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602"},{"reference_url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr","reference_id":"GHSA-v2xq-m22w-jmpr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25602","GHSA-v2xq-m22w-jmpr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed9v-m3q5-6yaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41467?format=json","vulnerability_id":"VCID-efzj-vsre-1ygm","summary":"The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72298","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265","reference_id":"cve-2024-26265","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:41:28Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265","reference_id":"CVE-2024-26265","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265"},{"reference_url":"https://github.com/advisories/GHSA-29xx-fhff-36m7","reference_id":"GHSA-29xx-fhff-36m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29xx-fhff-36m7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29126?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2024-26265","GHSA-29xx-fhff-36m7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efzj-vsre-1ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127620?format=json","vulnerability_id":"VCID-epds-vwku-cyed","summary":"A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36299","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3648","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760","reference_id":"CVE-2025-3760","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760"},{"reference_url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp","reference_id":"GHSA-qhp6-vp7c-g7xp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376541?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-jpgh-rqqn-x7ge"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132"}],"aliases":["CVE-2025-3760","GHSA-qhp6-vp7c-g7xp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32281?format=json","vulnerability_id":"VCID-g52h-8r1h-dfhe","summary":"Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35874","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145","reference_id":"cve-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145","reference_id":"CVE-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145"},{"reference_url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q","reference_id":"GHSA-9vgq-w5pv-v77q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28806?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12"}],"aliases":["CVE-2024-25145","GHSA-9vgq-w5pv-v77q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g52h-8r1h-dfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60411?format=json","vulnerability_id":"VCID-gngs-dm98-eqc2","summary":"Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38976","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993","reference_id":"CVE-2024-11993","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993"},{"reference_url":"https://github.com/advisories/GHSA-4hxr-28mv-q729","reference_id":"GHSA-4hxr-28mv-q729","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4hxr-28mv-q729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372328?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39"}],"aliases":["CVE-2024-11993","GHSA-4hxr-28mv-q729"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gngs-dm98-eqc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208345?format=json","vulnerability_id":"VCID-h9vv-1cu6-jydx","summary":"Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38267","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39345","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39174","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38267"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17212","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17212"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38267","reference_id":"CVE-2021-38267","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38267"},{"reference_url":"https://github.com/advisories/GHSA-r39x-3qq4-gxmr","reference_id":"GHSA-r39x-3qq4-gxmr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-3qq4-gxmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19591?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.7-ga8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.7-ga8"},{"url":"http://public2.vulnerablecode.io/api/packages/20155?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-n65a-ycxy-pqgz"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-z611-svpn-m7b1"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.0"}],"aliases":["CVE-2021-38267","GHSA-r39x-3qq4-gxmr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9vv-1cu6-jydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166477?format=json","vulnerability_id":"VCID-hpqu-qfg1-rygw","summary":"The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55991","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5587","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130","reference_id":"cve-2022-42130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130","reference_id":"CVE-2022-42130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130"},{"reference_url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw","reference_id":"GHSA-mxvq-cv4x-p3jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17447","reference_id":"LPE-17447","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://issues.liferay.com/browse/LPE-17447"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-42130","GHSA-mxvq-cv4x-p3jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqu-qfg1-rygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166439?format=json","vulnerability_id":"VCID-hvhc-kn1w-qkac","summary":"An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42129","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41015","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42129"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129","reference_id":"cve-2022-42129","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42129","reference_id":"CVE-2022-42129","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42129"},{"reference_url":"https://github.com/advisories/GHSA-g6x4-57hp-j4xm","reference_id":"GHSA-g6x4-57hp-j4xm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g6x4-57hp-j4xm"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17448","reference_id":"LPE-17448","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:27:45Z/"}],"url":"https://issues.liferay.com/browse/LPE-17448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-42129","GHSA-g6x4-57hp-j4xm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvhc-kn1w-qkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168111?format=json","vulnerability_id":"VCID-jg5a-j9vb-f7hk","summary":"The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a \"Content Page\" type page, allowing attackers to view unpublished \"Content Page\" pages via URL manipulation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39975","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36542","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36361","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39975"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975","reference_id":"cve-2022-39975","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:55:52Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39975","reference_id":"CVE-2022-39975","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39975"},{"reference_url":"https://github.com/advisories/GHSA-83qx-288m-72w4","reference_id":"GHSA-83qx-288m-72w4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83qx-288m-72w4"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:55:52Z/"}],"url":"http://liferay.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27011?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35"}],"aliases":["CVE-2022-39975","GHSA-83qx-288m-72w4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jg5a-j9vb-f7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41348?format=json","vulnerability_id":"VCID-jh4y-y7np-9fav","summary":"Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35874","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266","reference_id":"cve-2024-26266","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:43:41Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266","reference_id":"CVE-2024-26266","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266"},{"reference_url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75","reference_id":"GHSA-rwxc-4cmw-7x75","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-26266","GHSA-rwxc-4cmw-7x75"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4y-y7np-9fav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32590?format=json","vulnerability_id":"VCID-k469-ety8-rqby","summary":"The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40444","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605","reference_id":"cve-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605","reference_id":"CVE-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605"},{"reference_url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3","reference_id":"GHSA-mf8h-grfg-j9j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25605","GHSA-mf8h-grfg-j9j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k469-ety8-rqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127548?format=json","vulnerability_id":"VCID-kke1-d8nw-tyhj","summary":"Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3639","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13879","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13763","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3639"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-18212","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-18212"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3639","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3639"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639","reference_id":"CVE-2025-3639","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T19:51:41Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639"},{"reference_url":"https://github.com/advisories/GHSA-g4wg-mpfg-x2q6","reference_id":"GHSA-g4wg-mpfg-x2q6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g4wg-mpfg-x2q6"}],"fixed_packages":[],"aliases":["CVE-2025-3639","GHSA-g4wg-mpfg-x2q6"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kke1-d8nw-tyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32565?format=json","vulnerability_id":"VCID-mqut-n4an-x3cs","summary":"Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38647","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38474","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150","reference_id":"cve-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150"},{"reference_url":"https://github.com/advisories/GHSA-4585-28v2-8h46","reference_id":"GHSA-4585-28v2-8h46","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4585-28v2-8h46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27028?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j2r3-g95d-hued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4"},{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25150","GHSA-4585-28v2-8h46"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqut-n4an-x3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166447?format=json","vulnerability_id":"VCID-mzzp-psnm-muhm","summary":"ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42124","reference_id":"","reference_type":"","scores":[{"value":"0.01185","scoring_system":"epss","scoring_elements":"0.79264","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01185","scoring_system":"epss","scoring_elements":"0.79199","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42124"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124","reference_id":"cve-2022-42124","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42124","reference_id":"CVE-2022-42124","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42124"},{"reference_url":"https://github.com/advisories/GHSA-vjj4-qwcm-552h","reference_id":"GHSA-vjj4-qwcm-552h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjj4-qwcm-552h"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17435","reference_id":"LPE-17435","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/"}],"url":"https://issues.liferay.com/browse/LPE-17435"},{"reference_url":"https://issues.liferay.com/browse/LPE-17535","reference_id":"LPE-17535","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:49:41Z/"}],"url":"https://issues.liferay.com/browse/LPE-17535"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27866?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-42124","GHSA-vjj4-qwcm-552h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzzp-psnm-muhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32282?format=json","vulnerability_id":"VCID-n634-fspx-judk","summary":"Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49567","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49703","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149","reference_id":"cve-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149","reference_id":"CVE-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149"},{"reference_url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6","reference_id":"GHSA-qpgh-6v9w-vfv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25149","GHSA-qpgh-6v9w-vfv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n634-fspx-judk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166487?format=json","vulnerability_id":"VCID-pcat-aa3f-kqeg","summary":"A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42123","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62338","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42123"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123","reference_id":"cve-2022-42123","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42123","reference_id":"CVE-2022-42123","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42123"},{"reference_url":"https://github.com/advisories/GHSA-hffx-r282-w2g9","reference_id":"GHSA-hffx-r282-w2g9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hffx-r282-w2g9"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17518","reference_id":"LPE-17518","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:56:31Z/"}],"url":"https://issues.liferay.com/browse/LPE-17518"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27879?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19"}],"aliases":["CVE-2022-42123","GHSA-hffx-r282-w2g9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcat-aa3f-kqeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144047?format=json","vulnerability_id":"VCID-ph4a-tj1g-ykc8","summary":"Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53439","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939","reference_id":"cve-2023-33939","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939"},{"reference_url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc","reference_id":"GHSA-53mw-69qx-q4fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29159?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2023-33939","GHSA-53mw-69qx-q4fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4a-tj1g-ykc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32370?format=json","vulnerability_id":"VCID-qztv-899y-sbb8","summary":"Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35013","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34833","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147","reference_id":"cve-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:15:43Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147","reference_id":"CVE-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147"},{"reference_url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx","reference_id":"GHSA-xpjg-7hx7-wgcx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587544?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1"}],"aliases":["CVE-2024-25147","GHSA-xpjg-7hx7-wgcx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qztv-899y-sbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166593?format=json","vulnerability_id":"VCID-rjjs-an4q-6qaf","summary":"The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42126","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34725","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34547","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42126"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126","reference_id":"cve-2022-42126","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42126","reference_id":"CVE-2022-42126","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42126"},{"reference_url":"https://github.com/advisories/GHSA-642h-mx8q-47p2","reference_id":"GHSA-642h-mx8q-47p2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-642h-mx8q-47p2"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17593","reference_id":"LPE-17593","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:31:00Z/"}],"url":"https://issues.liferay.com/browse/LPE-17593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587560?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/27862?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d49a-szjx-jub1"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pac3-4jrs-pqdg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-s59m-uwgm-d7ed"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-te96-dz9q-z3cy"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.48"}],"aliases":["CVE-2022-42126","GHSA-642h-mx8q-47p2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjjs-an4q-6qaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32541?format=json","vulnerability_id":"VCID-rn7g-6h98-duek","summary":"The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73551","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73478","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143","reference_id":"cve-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T20:07:01Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143","reference_id":"CVE-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143"},{"reference_url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh","reference_id":"GHSA-87m3-6qj3-p3xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20152?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-z611-svpn-m7b1"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.7"}],"aliases":["CVE-2024-25143","GHSA-87m3-6qj3-p3xh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn7g-6h98-duek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144180?format=json","vulnerability_id":"VCID-ser9-x7zq-dqdv","summary":"Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33944","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5418","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54054","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33944"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33944","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33944"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944","reference_id":"cve-2023-33944","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:15Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944"},{"reference_url":"https://github.com/advisories/GHSA-pfwc-4frf-4gf8","reference_id":"GHSA-pfwc-4frf-4gf8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfwc-4frf-4gf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381998?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d49a-szjx-jub1"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pac3-4jrs-pqdg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-te96-dz9q-z3cy"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69"}],"aliases":["CVE-2023-33944","GHSA-pfwc-4frf-4gf8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ser9-x7zq-dqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166388?format=json","vulnerability_id":"VCID-t2ys-d2mh-xygr","summary":"The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"cve-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132","reference_id":"CVE-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132"},{"reference_url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"CVE-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg","reference_id":"GHSA-f43m-hhj4-q3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17438","reference_id":"LPE-17438","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://issues.liferay.com/browse/LPE-17438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27865?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/587546?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2022-42132","GHSA-f43m-hhj4-q3jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ys-d2mh-xygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32286?format=json","vulnerability_id":"VCID-tgpb-tps9-wfd5","summary":"Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35874","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152","reference_id":"cve-2024-25152","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T19:54:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152","reference_id":"CVE-2024-25152","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152"},{"reference_url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j","reference_id":"GHSA-p28x-4r5h-ph6j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/587545?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25152","GHSA-p28x-4r5h-ph6j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpb-tps9-wfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166398?format=json","vulnerability_id":"VCID-trgc-963v-9ue4","summary":"Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32164","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31979","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131","reference_id":"cve-2022-42131","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131","reference_id":"CVE-2022-42131","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131"},{"reference_url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2","reference_id":"GHSA-cx84-43xc-3gm2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"http://liferay.com"},{"reference_url":"https://issues.liferay.com/browse/LPE-17377","reference_id":"LPE-17377","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://issues.liferay.com/browse/LPE-17377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27867?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2022-42131","GHSA-cx84-43xc-3gm2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trgc-963v-9ue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88385?format=json","vulnerability_id":"VCID-u5rg-89bb-wbfy","summary":"Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form with a rich text type field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43830","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09436","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43830"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830","reference_id":"CVE-2025-43830","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:36:35Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43830","reference_id":"CVE-2025-43830","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43830"},{"reference_url":"https://github.com/advisories/GHSA-378f-8q54-3fqx","reference_id":"GHSA-378f-8q54-3fqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-378f-8q54-3fqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33988?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112"}],"aliases":["CVE-2025-43830","GHSA-378f-8q54-3fqx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5rg-89bb-wbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41446?format=json","vulnerability_id":"VCID-u9gz-jcnn-syby","summary":"Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the p_l_back_url parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26272","reference_id":"","reference_type":"","scores":[{"value":"0.03261","scoring_system":"epss","scoring_elements":"0.87478","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03261","scoring_system":"epss","scoring_elements":"0.87434","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26272"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26272","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26272"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272","reference_id":"CVE-2024-26272","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:15:06Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272"},{"reference_url":"https://github.com/advisories/GHSA-p63m-vmjr-wg37","reference_id":"GHSA-p63m-vmjr-wg37","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p63m-vmjr-wg37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34841?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108"},{"url":"http://public2.vulnerablecode.io/api/packages/372003?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112"}],"aliases":["CVE-2024-26272","GHSA-p63m-vmjr-wg37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gz-jcnn-syby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144121?format=json","vulnerability_id":"VCID-ughz-r7ds-6qfu","summary":"SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33945","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71433","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71346","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33945"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33945","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33945"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33945","reference_id":"cve-2023-33945","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:49:11Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33945"},{"reference_url":"https://github.com/advisories/GHSA-g7vw-43xg-8m4h","reference_id":"GHSA-g7vw-43xg-8m4h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g7vw-43xg-8m4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29249?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.18"}],"aliases":["CVE-2023-33945","GHSA-g7vw-43xg-8m4h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ughz-r7ds-6qfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32167?format=json","vulnerability_id":"VCID-umd8-9ypn-zkdk","summary":"In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63204","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148","reference_id":"cve-2024-25148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T17:33:36Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148","reference_id":"CVE-2024-25148","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148"},{"reference_url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm","reference_id":"GHSA-qwj8-qgpr-8crm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28818?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-7tdg-swnf-53cb"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25148","GHSA-qwj8-qgpr-8crm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umd8-9ypn-zkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32181?format=json","vulnerability_id":"VCID-uu4f-gvmj-7key","summary":"In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28249","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28445","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610","reference_id":"cve-2024-25610","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T13:32:33Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610","reference_id":"CVE-2024-25610","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610"},{"reference_url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh","reference_id":"GHSA-vvpf-53qx-cxhh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29159?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2024-25610","GHSA-vvpf-53qx-cxhh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu4f-gvmj-7key"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32378?format=json","vulnerability_id":"VCID-uxjd-h6fd-sbgf","summary":"HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49895","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609","reference_id":"cve-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609","reference_id":"CVE-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609"},{"reference_url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r","reference_id":"GHSA-3qq5-wcrx-4h8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29156?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13"},{"url":"http://public2.vulnerablecode.io/api/packages/29147?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25609","GHSA-3qq5-wcrx-4h8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxjd-h6fd-sbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88820?format=json","vulnerability_id":"VCID-whty-vwsm-t7gt","summary":"Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10981","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17839","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17839"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748","reference_id":"CVE-2025-43748","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748"},{"reference_url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p","reference_id":"GHSA-p9gc-59hf-x48p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377797?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpgh-rqqn-x7ge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120"},{"url":"http://public2.vulnerablecode.io/api/packages/787947?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-jpgh-rqqn-x7ge"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125"}],"aliases":["CVE-2025-43748","GHSA-p9gc-59hf-x48p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whty-vwsm-t7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32263?format=json","vulnerability_id":"VCID-xy7e-q9wh-fkh4","summary":"XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34157","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606","reference_id":"cve-2024-25606","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T13:32:40Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606","reference_id":"CVE-2024-25606","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606"},{"reference_url":"https://github.com/advisories/GHSA-869h-qhfx-w939","reference_id":"GHSA-869h-qhfx-w939","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-869h-qhfx-w939"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29141?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-vh4z-622g-j7d6"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-yagv-6mp3-v7hf"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8"}],"aliases":["CVE-2024-25606","GHSA-869h-qhfx-w939"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy7e-q9wh-fkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41350?format=json","vulnerability_id":"VCID-yp7c-xgj7-s3h2","summary":"Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35013","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34833","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269","reference_id":"cve-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:16:54Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269","reference_id":"CVE-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269"},{"reference_url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm","reference_id":"GHSA-rwhv-hvj2-qrqm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29243?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-ngxr-vbaj"},{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-493t-ab65-pff3"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5sft-4ab1-9kcg"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k56t-ry18-zbg4"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38"}],"aliases":["CVE-2024-26269","GHSA-rwhv-hvj2-qrqm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp7c-xgj7-s3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135351?format=json","vulnerability_id":"VCID-zc53-8p5g-2kcv","summary":"Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42496","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63728","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63626","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42496"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496","reference_id":"cve-2023-42496","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:07:22Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42496","reference_id":"CVE-2023-42496","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42496"},{"reference_url":"https://github.com/advisories/GHSA-54pv-r62j-9qqc","reference_id":"GHSA-54pv-r62j-9qqc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54pv-r62j-9qqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29233?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d49a-szjx-jub1"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k7dn-nb9d-ckdk"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-twyc-srx8-fudj"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98"}],"aliases":["CVE-2023-42496","GHSA-54pv-r62j-9qqc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc53-8p5g-2kcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138648?format=json","vulnerability_id":"VCID-zkm4-bz55-9bb8","summary":"Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38976","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940"},{"reference_url":"https://github.com/advisories/GHSA-px38-239g-x5mg","reference_id":"GHSA-px38-239g-x5mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-px38-239g-x5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372310?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-99sz-6eag-3kff"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d49a-szjx-jub1"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-deaj-uts6-aqb5"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k7dn-nb9d-ckdk"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-pac3-4jrs-pqdg"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-twyc-srx8-fudj"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88"}],"aliases":["CVE-2023-37940","GHSA-px38-239g-x5mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34499?format=json","vulnerability_id":"VCID-zn2s-8c79-x7h3","summary":"The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173\n does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.60057","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59949","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980","reference_id":"CVE-2024-8980","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980"},{"reference_url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3","reference_id":"GHSA-chj2-4vg7-hhg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371922?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102"},{"url":"http://public2.vulnerablecode.io/api/packages/696549?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cm9-v7g5-kfcn"},{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5rce-t9wm-4ycx"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-73u9-6qzv-t7f7"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-9seq-71yb-tfcf"},{"vulnerability":"VCID-beqe-x5p8-23b9"},{"vulnerability":"VCID-c2hc-pbr7-2yhz"},{"vulnerability":"VCID-d9qm-h8q2-sfda"},{"vulnerability":"VCID-dztj-3hzz-3bcg"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ep8t-7k2h-2kdp"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-evtz-a8xn-e7b6"},{"vulnerability":"VCID-f6z5-3pp9-7qey"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hthn-qn9g-u3dv"},{"vulnerability":"VCID-j2r3-g95d-hued"},{"vulnerability":"VCID-k7dn-nb9d-ckdk"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mmy3-eycu-q7bu"},{"vulnerability":"VCID-p1dw-dttz-x7ee"},{"vulnerability":"VCID-p3dp-ku5j-yke9"},{"vulnerability":"VCID-ph25-5qgg-zfer"},{"vulnerability":"VCID-qxsh-hm7q-5ban"},{"vulnerability":"VCID-rcmj-djgg-bqf7"},{"vulnerability":"VCID-tgj6-8vhq-23ae"},{"vulnerability":"VCID-tkws-gscx-pff6"},{"vulnerability":"VCID-twb2-9ane-tfdw"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-vcth-rrmy-5qej"},{"vulnerability":"VCID-w2a5-j7ew-mbet"},{"vulnerability":"VCID-w71u-16bg-nke4"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xftu-6k5q-7ub6"},{"vulnerability":"VCID-xvs7-58y1-3ybj"},{"vulnerability":"VCID-y38f-84j9-fygf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103"}],"aliases":["CVE-2024-8980","GHSA-chj2-4vg7-hhg3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zn2s-8c79-x7h3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210421?format=json","vulnerability_id":"VCID-91rc-5gz3-dbcf","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29048","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6533","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29048"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601"},{"reference_url":"https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29048","reference_id":"CVE-2021-29048","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29048"},{"reference_url":"https://github.com/advisories/GHSA-4fx8-82f3-xcpc","reference_id":"GHSA-4fx8-82f3-xcpc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4fx8-82f3-xcpc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29048","GHSA-4fx8-82f3-xcpc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91rc-5gz3-dbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210418?format=json","vulnerability_id":"VCID-bmbd-g58w-z3gy","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55327","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051","reference_id":"CVE-2021-29051","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051"},{"reference_url":"https://github.com/advisories/GHSA-jvvx-8g42-9559","reference_id":"GHSA-jvvx-8g42-9559","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvvx-8g42-9559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29051","GHSA-jvvx-8g42-9559"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmbd-g58w-z3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210414?format=json","vulnerability_id":"VCID-cn4z-f8ej-ruha","summary":"Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29047","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52786","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52658","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29047"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29047","reference_id":"CVE-2021-29047","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29047"},{"reference_url":"https://github.com/advisories/GHSA-9mxg-p873-6793","reference_id":"GHSA-9mxg-p873-6793","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9mxg-p873-6793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29047","GHSA-9mxg-p873-6793"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn4z-f8ej-ruha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210425?format=json","vulnerability_id":"VCID-g6wt-vwuh-cua8","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6523","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6533","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044","reference_id":"CVE-2021-29044","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044"},{"reference_url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr","reference_id":"GHSA-wcr5-3q96-c2gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29044","GHSA-wcr5-3q96-c2gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6wt-vwuh-cua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210419?format=json","vulnerability_id":"VCID-qaj9-m3df-7qbr","summary":"Liferay Portal and Liferay DXP Fails to Check Permissions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29052","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27557","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27759","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29052"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29052","reference_id":"CVE-2021-29052","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29052"},{"reference_url":"https://github.com/advisories/GHSA-pr7v-qv65-rp9m","reference_id":"GHSA-pr7v-qv65-rp9m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr7v-qv65-rp9m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29052","GHSA-pr7v-qv65-rp9m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qaj9-m3df-7qbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210422?format=json","vulnerability_id":"VCID-sqsw-skt9-93dt","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29045","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51526","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51656","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29045"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743484","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743484"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29045","reference_id":"CVE-2021-29045","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29045"},{"reference_url":"https://github.com/advisories/GHSA-qcv4-gv43-498v","reference_id":"GHSA-qcv4-gv43-498v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcv4-gv43-498v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29045","GHSA-qcv4-gv43-498v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqsw-skt9-93dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210423?format=json","vulnerability_id":"VCID-t5h8-q4q5-a3em","summary":"Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29053","reference_id":"","reference_type":"","scores":[{"value":"0.00449","scoring_system":"epss","scoring_elements":"0.64141","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00449","scoring_system":"epss","scoring_elements":"0.64038","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29053"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29053","reference_id":"CVE-2021-29053","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29053"},{"reference_url":"https://github.com/advisories/GHSA-f9wj-c5pc-g9rh","reference_id":"GHSA-f9wj-c5pc-g9rh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9wj-c5pc-g9rh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29053","GHSA-f9wj-c5pc-g9rh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5h8-q4q5-a3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210420?format=json","vulnerability_id":"VCID-v9m5-8c56-tuhb","summary":"Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42759","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42597","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043","reference_id":"CVE-2021-29043","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043"},{"reference_url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv","reference_id":"GHSA-xx2h-2hf5-v7vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23367?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bjj-tjj8-pudd"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6e5j-scss-jucz"},{"vulnerability":"VCID-6jsv-kw7h-9yeu"},{"vulnerability":"VCID-6jw2-chce-suhn"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-7ffj-jw2k-m3a6"},{"vulnerability":"VCID-88u7-stft-ebdh"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-9v1n-scdh-a3du"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-cn1e-v8j7-mfhp"},{"vulnerability":"VCID-d3cx-1jmf-cfc4"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-efzj-vsre-1ygm"},{"vulnerability":"VCID-epds-vwku-cyed"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-gngs-dm98-eqc2"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hpqu-qfg1-rygw"},{"vulnerability":"VCID-hvhc-kn1w-qkac"},{"vulnerability":"VCID-jg5a-j9vb-f7hk"},{"vulnerability":"VCID-jh4y-y7np-9fav"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-kke1-d8nw-tyhj"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-mzzp-psnm-muhm"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-pcat-aa3f-kqeg"},{"vulnerability":"VCID-ph4a-tj1g-ykc8"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-rjjs-an4q-6qaf"},{"vulnerability":"VCID-rn7g-6h98-duek"},{"vulnerability":"VCID-ser9-x7zq-dqdv"},{"vulnerability":"VCID-t2ys-d2mh-xygr"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-trgc-963v-9ue4"},{"vulnerability":"VCID-u5rg-89bb-wbfy"},{"vulnerability":"VCID-u9gz-jcnn-syby"},{"vulnerability":"VCID-ughz-r7ds-6qfu"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-uu4f-gvmj-7key"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-whty-vwsm-t7gt"},{"vulnerability":"VCID-xy7e-q9wh-fkh4"},{"vulnerability":"VCID-yp7c-xgj7-s3h2"},{"vulnerability":"VCID-zc53-8p5g-2kcv"},{"vulnerability":"VCID-zkm4-bz55-9bb8"},{"vulnerability":"VCID-zn2s-8c79-x7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29043","GHSA-xx2h-2hf5-v7vv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9m5-8c56-tuhb"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}