Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.translation.web@2.0.58

Type maven

Namespace com.liferay

Name com.liferay.translation.web

Version 2.0.58

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.0.86

Latest_non_vulnerable_version 2.0.86

Affected_by_vulnerabilities

url VCID-qfdp-4b77-uqda

vulnerability_id VCID-qfdp-4b77-uqda

summary Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42497

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.41165
published_at	2026-06-13T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41155
published_at	2026-06-14T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.40977
published_at	2026-06-11T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41144
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42497

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497?p_r_p_assetEntryId=122124913&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124913%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42497

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42497

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

reference_id

cve-2023-42497

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:32:09Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

reference_url

https://github.com/advisories/GHSA-w2g3-j73q-7qv7

reference_id

GHSA-w2g3-j73q-7qv7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w2g3-j73q-7qv7

fixed_packages

url	pkg:maven/com.liferay/com.liferay.translation.web@2.0.86
purl	pkg:maven/com.liferay/com.liferay.translation.web@2.0.86
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.translation.web@2.0.86

aliases CVE-2023-42497, GHSA-w2g3-j73q-7qv7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdp-4b77-uqda

Fixing_vulnerabilities

url VCID-n2zu-prgr-dkfn

vulnerability_id VCID-n2zu-prgr-dkfn

summary The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38512

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44913
published_at	2026-06-14T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44761
published_at	2026-06-11T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44911
published_at	2026-06-12T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44926
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38512

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1934094578ddcd2c1f3d37593b493d3991a6a20f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1934094578ddcd2c1f3d37593b493d3991a6a20f

reference_url

https://github.com/liferay/liferay-portal/commit/48fd5698fc1935a90e9c5013c328dbc369ba353d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/48fd5698fc1935a90e9c5013c328dbc369ba353d

reference_url

https://liferay.atlassian.net/browse/LPE-17610

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17610

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-38512?p_r_p_assetEntryId=121612585&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612585%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512

reference_id

cve-2022-38512

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:08:04Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-38512

reference_id

CVE-2022-38512

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-38512

reference_url

https://github.com/advisories/GHSA-h9ww-wjg4-jvvg

reference_id

GHSA-h9ww-wjg4-jvvg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h9ww-wjg4-jvvg

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:08:04Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay/com.liferay.translation.web@2.0.58

purl pkg:maven/com.liferay/com.liferay.translation.web@2.0.58

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qfdp-4b77-uqda

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.translation.web@2.0.58

aliases CVE-2022-38512, GHSA-h9ww-wjg4-jvvg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2zu-prgr-dkfn

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.translation.web@2.0.58

Package Instance