Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u8

Type maven

Namespace com.liferay.portal

Name release.dxp.bom

Version 7.4.13.u8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.4.13.u93

Latest_non_vulnerable_version 2025.Q2.10

Affected_by_vulnerabilities

url VCID-48hp-m4m8-cqge

vulnerability_id VCID-48hp-m4m8-cqge

summary In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26267

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.45224
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26267

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95

reference_url

https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c

reference_url

https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267

reference_id

cve-2024-26267

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26267

reference_id

CVE-2024-26267

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26267

reference_url

https://github.com/advisories/GHSA-2mvj-q2q3-wxjv

reference_id

GHSA-2mvj-q2q3-wxjv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2mvj-q2q3-wxjv

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26

aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge

url VCID-4jau-1np8-6fd5

vulnerability_id VCID-4jau-1np8-6fd5

summary A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42114

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42023
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42114

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ba9a07ee8d1aa04a9da352e9b6a776313b8ce5e9

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ba9a07ee8d1aa04a9da352e9b6a776313b8ce5e9

reference_url

https://liferay.atlassian.net/browse/LPE-17609

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17609

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42114?p_r_p_assetEntryId=121613086&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613086%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114

reference_id

cve-2022-42114

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:40:21Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42114

reference_id

CVE-2022-42114

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42114

reference_url

https://web.archive.org/web/20221019022055/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114

reference_id

CVE-2022-42114

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20221019022055/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114

reference_url

https://github.com/advisories/GHSA-cmrw-cgfc-v6x2

reference_id

GHSA-cmrw-cgfc-v6x2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cmrw-cgfc-v6x2

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:40:21Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

aliases CVE-2022-42114, GHSA-cmrw-cgfc-v6x2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jau-1np8-6fd5

url VCID-72my-1zwg-a7hx

vulnerability_id VCID-72my-1zwg-a7hx

summary The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25144

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.55238
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25144

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144

reference_id

cve-2024-25144

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25144

reference_id

CVE-2024-25144

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25144

reference_url

https://github.com/advisories/GHSA-w275-m8cr-hf2v

reference_id

GHSA-w275-m8cr-hf2v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w275-m8cr-hf2v

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

aliases CVE-2024-25144, GHSA-w275-m8cr-hf2v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72my-1zwg-a7hx

url VCID-8uqz-bc88-ybcc

vulnerability_id VCID-8uqz-bc88-ybcc

summary A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42120

reference_id

reference_type

scores

value	0.00815
scoring_system	epss
scoring_elements	0.74723
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42120

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/6f94d203f5a194a64055e1e0ba0224d26ec54e47

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6f94d203f5a194a64055e1e0ba0224d26ec54e47

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42120

reference_id

cve-2022-42120

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-05T17:26:30Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42120

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42120

reference_id

CVE-2022-42120

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42120

reference_url

https://web.archive.org/web/20220801000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42120

reference_id

CVE-2022-42120

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220801000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42120

reference_url

https://github.com/advisories/GHSA-r5fj-j449-vqw2

reference_id

GHSA-r5fj-j449-vqw2

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r5fj-j449-vqw2

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-05T17:26:30Z/

url

http://liferay.com

reference_url

https://issues.liferay.com/browse/LPE-17513

reference_id

LPE-17513

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-05T17:26:30Z/

url

https://issues.liferay.com/browse/LPE-17513

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-9u32-4n1x-77ce

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-way6-hfht-aya6

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

aliases CVE-2022-42120, GHSA-r5fj-j449-vqw2

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uqz-bc88-ybcc

url VCID-9u32-4n1x-77ce

vulnerability_id VCID-9u32-4n1x-77ce

summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25608

reference_id

reference_type

scores

value	0.1765
scoring_system	epss
scoring_elements	0.95251
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25608

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae

reference_url

https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608

reference_id

cve-2024-25608

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25608

reference_id

CVE-2024-25608

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25608

reference_url

https://github.com/advisories/GHSA-548x-j6x6-hcv4

reference_id

GHSA-548x-j6x6-hcv4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-548x-j6x6-hcv4

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-way6-hfht-aya6

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19

aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce

url VCID-a62g-s5j4-73fr

vulnerability_id VCID-a62g-s5j4-73fr

summary User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26268

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.54091
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26268

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93

reference_url

https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268

reference_id

cve-2024-26268

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26268

reference_id

CVE-2024-26268

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26268

reference_url

https://github.com/advisories/GHSA-qm43-g2xj-hvg5

reference_id

GHSA-qm43-g2xj-hvg5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qm43-g2xj-hvg5

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27

aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr

url VCID-epds-vwku-cyed

vulnerability_id VCID-epds-vwku-cyed

summary A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3760

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.36299
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3760

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-3760

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3760

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760

reference_id

CVE-2025-3760

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760

reference_url	https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
reference_id	GHSA-qhp6-vp7c-g7xp
reference_type
scores
url	https://github.com/advisories/GHSA-qhp6-vp7c-g7xp

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93

url	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13

url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13

purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mmy3-eycu-q7bu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13

url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0

purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mmy3-eycu-q7bu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0

url	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10

url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10

purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mmy3-eycu-q7bu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10

url	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0

url pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0

purl pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mmy3-eycu-q7bu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0

aliases CVE-2025-3760, GHSA-qhp6-vp7c-g7xp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed

url VCID-evf7-f2j5-rqhr

vulnerability_id VCID-evf7-f2j5-rqhr

summary Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-44310

reference_id

reference_type

scores

value	0.00199
scoring_system	epss
scoring_elements	0.41971
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-44310

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02

reference_url

https://liferay.atlassian.net/browse/LPE-17725

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17725

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310?p_r_p_assetEntryId=122124880&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124880%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-44310

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-44310

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310

reference_id

cve-2023-44310

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:31:02Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310

reference_url

https://github.com/advisories/GHSA-j5gv-w838-mmcx

reference_id

GHSA-j5gv-w838-mmcx

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j5gv-w838-mmcx

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u79

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u79

aliases CVE-2023-44310, GHSA-j5gv-w838-mmcx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evf7-f2j5-rqhr

url VCID-gngs-dm98-eqc2

vulnerability_id VCID-gngs-dm98-eqc2

summary Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11993

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38804
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11993

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-11993

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-11993

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993

reference_id

CVE-2024-11993

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993

reference_url	https://github.com/advisories/GHSA-4hxr-28mv-q729
reference_id	GHSA-4hxr-28mv-q729
reference_type
scores
url	https://github.com/advisories/GHSA-4hxr-28mv-q729

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39

aliases CVE-2024-11993, GHSA-4hxr-28mv-q729

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gngs-dm98-eqc2

url VCID-j1vh-25uj-ukga

vulnerability_id VCID-j1vh-25uj-ukga

summary A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42116

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41726
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42116

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ed2b59aa7db94c05c2be9ff5fda1d26ae7b00948

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ed2b59aa7db94c05c2be9ff5fda1d26ae7b00948

reference_url

https://liferay.atlassian.net/browse/LPE-17480

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17480

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42116?p_r_p_assetEntryId=121613012&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613012%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116

reference_id

cve-2022-42116

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T14:38:42Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42116

reference_id

CVE-2022-42116

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42116

reference_url

https://web.archive.org/web/20221019032312/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116

reference_id

CVE-2022-42116

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20221019032312/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116

reference_url

https://github.com/advisories/GHSA-67jp-27jj-6x85

reference_id

GHSA-67jp-27jj-6x85

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-67jp-27jj-6x85

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T14:38:42Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u15

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-8uqz-bc88-ybcc

vulnerability	VCID-9u32-4n1x-77ce

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-kqsk-3dby-s3dh

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-way6-hfht-aya6

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u15

aliases CVE-2022-42116, GHSA-67jp-27jj-6x85

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1vh-25uj-ukga

url VCID-kpwb-z5k7-bqa8

vulnerability_id VCID-kpwb-z5k7-bqa8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42628

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36604
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42628

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42628

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42628

reference_url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_url

https://github.com/advisories/GHSA-hv45-r2f5-fmhj

reference_id

GHSA-hv45-r2f5-fmhj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hv45-r2f5-fmhj

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpwb-z5k7-bqa8

url VCID-kqsk-3dby-s3dh

vulnerability_id VCID-kqsk-3dby-s3dh

summary A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42117

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30292
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42117

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/a0d25a757f002c39d02b93938bc11feb3b0de6f6

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/a0d25a757f002c39d02b93938bc11feb3b0de6f6

reference_url

https://liferay.atlassian.net/browse/LPE-17497

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17497

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42117?p_r_p_assetEntryId=121613244&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613244%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117

reference_id

cve-2022-42117

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T17:58:40Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42117

reference_id

CVE-2022-42117

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42117

reference_url

https://web.archive.org/web/20221205223431/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117

reference_id

CVE-2022-42117

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20221205223431/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117

reference_url

https://github.com/advisories/GHSA-g6r2-6x46-jpp6

reference_id

GHSA-g6r2-6x46-jpp6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g6r2-6x46-jpp6

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T17:58:40Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-9u32-4n1x-77ce

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-way6-hfht-aya6

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u17

aliases CVE-2022-42117, GHSA-g6r2-6x46-jpp6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsk-3dby-s3dh

url VCID-mmy3-eycu-q7bu

vulnerability_id VCID-mmy3-eycu-q7bu

summary A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript through Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43776

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13922
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43776

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-18277

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18277

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43776

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43776

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776

reference_id

CVE-2025-43776

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T15:04:48Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776

reference_url	https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
reference_id	GHSA-rcc7-jx7p-hrv4
reference_type
scores
url	https://github.com/advisories/GHSA-rcc7-jx7p-hrv4

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93

url	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.20
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.20

url	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.17
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.17

url	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q2.10
purl	pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q2.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q2.10

aliases CVE-2025-43776, GHSA-rcc7-jx7p-hrv4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmy3-eycu-q7bu

url VCID-n2zu-prgr-dkfn

vulnerability_id VCID-n2zu-prgr-dkfn

summary The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38512

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44761
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38512

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1934094578ddcd2c1f3d37593b493d3991a6a20f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1934094578ddcd2c1f3d37593b493d3991a6a20f

reference_url

https://github.com/liferay/liferay-portal/commit/48fd5698fc1935a90e9c5013c328dbc369ba353d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/48fd5698fc1935a90e9c5013c328dbc369ba353d

reference_url

https://liferay.atlassian.net/browse/LPE-17610

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17610

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-38512?p_r_p_assetEntryId=121612585&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612585%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512

reference_id

cve-2022-38512

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:08:04Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-38512

reference_id

CVE-2022-38512

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-38512

reference_url

https://github.com/advisories/GHSA-h9ww-wjg4-jvvg

reference_id

GHSA-h9ww-wjg4-jvvg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h9ww-wjg4-jvvg

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:08:04Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u37

aliases CVE-2022-38512, GHSA-h9ww-wjg4-jvvg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2zu-prgr-dkfn

url VCID-n512-h3fa-xbh7

vulnerability_id VCID-n512-h3fa-xbh7

summary Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42627

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43285
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42627

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42627

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42627

reference_url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627

reference_id

cve-2023-42627

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T19:36:13Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627

reference_url

https://github.com/advisories/GHSA-qp68-5v39-r869

reference_id

GHSA-qp68-5v39-r869

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qp68-5v39-r869

reference_url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/

reference_id

stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T19:36:13Z/

url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/

fixed_packages

url	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93

aliases CVE-2023-42627, GHSA-qp68-5v39-r869

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n512-h3fa-xbh7

url VCID-qfdp-4b77-uqda

vulnerability_id VCID-qfdp-4b77-uqda

summary Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42497

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.40977
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42497

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497?p_r_p_assetEntryId=122124913&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124913%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42497

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42497

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

reference_id

cve-2023-42497

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:32:09Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

reference_url

https://github.com/advisories/GHSA-w2g3-j73q-7qv7

reference_id

GHSA-w2g3-j73q-7qv7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w2g3-j73q-7qv7

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u86

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u86

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u86

aliases CVE-2023-42497, GHSA-w2g3-j73q-7qv7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdp-4b77-uqda

url VCID-uxjd-h6fd-sbgf

vulnerability_id VCID-uxjd-h6fd-sbgf

summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25609

reference_id

reference_type

scores

value	0.00261
scoring_system	epss
scoring_elements	0.49759
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25609

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362

reference_url

https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a

reference_url

https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed

reference_url

https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d

reference_url

https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0

reference_url

https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886

reference_url

https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609

reference_id

cve-2024-25609

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25609

reference_id

CVE-2024-25609

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25609

reference_url

https://github.com/advisories/GHSA-3qq5-wcrx-4h8r

reference_id

GHSA-3qq5-wcrx-4h8r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3qq5-wcrx-4h8r

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-8uqz-bc88-ybcc

vulnerability	VCID-9u32-4n1x-77ce

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-j1vh-25uj-ukga

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-kqsk-3dby-s3dh

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-way6-hfht-aya6

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9

aliases CVE-2024-25609, GHSA-3qq5-wcrx-4h8r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxjd-h6fd-sbgf

url VCID-way6-hfht-aya6

vulnerability_id VCID-way6-hfht-aya6

summary A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42112

reference_id

reference_type

scores

value	0.00216
scoring_system	epss
scoring_elements	0.44209
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42112

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48

reference_url

https://liferay.atlassian.net/browse/LPE-17536

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17536

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42112?p_r_p_assetEntryId=121612934&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612934%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_id

cve-2022-42112

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42112

reference_id

CVE-2022-42112

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42112

reference_url

https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_id

CVE-2022-42112

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_url

https://github.com/advisories/GHSA-7f7g-vhff-mjqj

reference_id

GHSA-7f7g-vhff-mjqj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7f7g-vhff-mjqj

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/

url

http://liferay.com

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48hp-m4m8-cqge

vulnerability	VCID-4jau-1np8-6fd5

vulnerability	VCID-72my-1zwg-a7hx

vulnerability	VCID-a62g-s5j4-73fr

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-gngs-dm98-eqc2

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n2zu-prgr-dkfn

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-xfq5-m4vf-cyaj

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25

aliases CVE-2022-42112, GHSA-7f7g-vhff-mjqj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-way6-hfht-aya6

url VCID-wfhk-xspf-7yev

vulnerability_id VCID-wfhk-xspf-7yev

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42629

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43285
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42629

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/2e02110747dd5cccb978623545bfa1f3ad0a5602

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/2e02110747dd5cccb978623545bfa1f3ad0a5602

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42629

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42629

reference_url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal

reference_url

https://github.com/advisories/GHSA-g44j-f8wm-6622

reference_id

GHSA-g44j-f8wm-6622

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g44j-f8wm-6622

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

aliases CVE-2023-42629, GHSA-g44j-f8wm-6622

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfhk-xspf-7yev

url VCID-xfq5-m4vf-cyaj

vulnerability_id VCID-xfq5-m4vf-cyaj

summary Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-44309

reference_id

reference_type

scores

value	0.00199
scoring_system	epss
scoring_elements	0.41971
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-44309

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1287c68486d60b87179995d8b8bd530031300a47

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1287c68486d60b87179995d8b8bd530031300a47

reference_url

https://github.com/liferay/liferay-portal/commit/28f8a7aabccce45e9d60cfb0cf63fc53c99b0d26

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/28f8a7aabccce45e9d60cfb0cf63fc53c99b0d26

reference_url

https://github.com/liferay/liferay-portal/commit/9031a7a03e5891e7ccf762011fe8bcc2e433b1db

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9031a7a03e5891e7ccf762011fe8bcc2e433b1db

reference_url

https://github.com/liferay/liferay-portal/commit/ba628735cfae8656ab4243ecffce260413ed2460

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ba628735cfae8656ab4243ecffce260413ed2460

reference_url

https://github.com/liferay/liferay-portal/commit/d70fecd2c5709d8dd5f4992b408a640ce912001b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d70fecd2c5709d8dd5f4992b408a640ce912001b

reference_url

https://github.com/liferay/liferay-portal/commit/e45bf2d00ed7f95f02702a1da3e4115ab30b1bff

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e45bf2d00ed7f95f02702a1da3e4115ab30b1bff

reference_url

https://github.com/liferay/liferay-portal/commit/ed856dd9e2947e3e660d7cfbdb8c604b296db790

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ed856dd9e2947e3e660d7cfbdb8c604b296db790

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-44309

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-44309

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309

reference_id

cve-2023-44309

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:31:32Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309

reference_url

https://github.com/advisories/GHSA-j663-6jpj-xx8c

reference_id

GHSA-j663-6jpj-xx8c

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j663-6jpj-xx8c

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u54

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u54

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-evf7-f2j5-rqhr

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-kpwb-z5k7-bqa8

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

vulnerability	VCID-qfdp-4b77-uqda

vulnerability	VCID-wfhk-xspf-7yev

vulnerability	VCID-zkm4-bz55-9bb8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u54

aliases CVE-2023-44309, GHSA-j663-6jpj-xx8c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfq5-m4vf-cyaj

url VCID-zkm4-bz55-9bb8

vulnerability_id VCID-zkm4-bz55-9bb8

summary Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37940

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38804
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37940

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-37940

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-37940

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940

reference_id

CVE-2023-37940

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940

reference_url	https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id	GHSA-px38-239g-x5mg
reference_type
scores
url	https://github.com/advisories/GHSA-px38-239g-x5mg

fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epds-vwku-cyed

vulnerability	VCID-huvy-gpy3-v3dp

vulnerability	VCID-mmy3-eycu-q7bu

vulnerability	VCID-n512-h3fa-xbh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88

aliases CVE-2023-37940, GHSA-px38-239g-x5mg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u8

Package Instance