Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
Type maven
Namespace com.liferay.portal
Name release.dxp.bom
Version 7.2.10.fp17
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.3u36
Latest_non_vulnerable_version 2025.Q2.10
Affected_by_vulnerabilities
0
url VCID-48hp-m4m8-cqge
vulnerability_id VCID-48hp-m4m8-cqge
summary In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via the `Liferay-Portal` response header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45224
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
3
reference_url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
4
reference_url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
reference_id cve-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
7
reference_url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
reference_id GHSA-2mvj-q2q3-wxjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-72my-1zwg-a7hx
2
vulnerability VCID-a62g-s5j4-73fr
3
vulnerability VCID-bvbr-288p-xkak
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-j1vh-25uj-ukga
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-kqhp-785u-nben
9
vulnerability VCID-kqsk-3dby-s3dh
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jau-1np8-6fd5
1
vulnerability VCID-72my-1zwg-a7hx
2
vulnerability VCID-a62g-s5j4-73fr
3
vulnerability VCID-epds-vwku-cyed
4
vulnerability VCID-evf7-f2j5-rqhr
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-mmy3-eycu-q7bu
8
vulnerability VCID-n2zu-prgr-dkfn
9
vulnerability VCID-n512-h3fa-xbh7
10
vulnerability VCID-qfdp-4b77-uqda
11
vulnerability VCID-wfhk-xspf-7yev
12
vulnerability VCID-xfq5-m4vf-cyaj
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48hp-m4m8-cqge
1
url VCID-6aqp-gny4-5ffp
vulnerability_id VCID-6aqp-gny4-5ffp
summary Liferay Portal and Liferay DXP fails to check origin of event messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33845
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
reference_id CVE-2022-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
reference_id CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
6
reference_url https://github.com/advisories/GHSA-ghw5-998m-vw4w
reference_id GHSA-ghw5-998m-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghw5-998m-vw4w
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-8uqz-bc88-ybcc
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-epds-vwku-cyed
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n512-h3fa-xbh7
14
vulnerability VCID-qfdp-4b77-uqda
15
vulnerability VCID-uxjd-h6fd-sbgf
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
aliases CVE-2022-25146, GHSA-ghw5-998m-vw4w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6aqp-gny4-5ffp
2
url VCID-72my-1zwg-a7hx
vulnerability_id VCID-72my-1zwg-a7hx
summary The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25144
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.55238
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25144
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144
reference_id cve-2024-25144
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25144
reference_id CVE-2024-25144
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25144
4
reference_url https://github.com/advisories/GHSA-w275-m8cr-hf2v
reference_id GHSA-w275-m8cr-hf2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w275-m8cr-hf2v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-epds-vwku-cyed
4
vulnerability VCID-gngs-dm98-eqc2
5
vulnerability VCID-kpwb-z5k7-bqa8
6
vulnerability VCID-kqhp-785u-nben
7
vulnerability VCID-n512-h3fa-xbh7
8
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u6
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jau-1np8-6fd5
1
vulnerability VCID-epds-vwku-cyed
2
vulnerability VCID-evf7-f2j5-rqhr
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-mmy3-eycu-q7bu
6
vulnerability VCID-n2zu-prgr-dkfn
7
vulnerability VCID-n512-h3fa-xbh7
8
vulnerability VCID-qfdp-4b77-uqda
9
vulnerability VCID-wfhk-xspf-7yev
10
vulnerability VCID-xfq5-m4vf-cyaj
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
aliases CVE-2024-25144, GHSA-w275-m8cr-hf2v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72my-1zwg-a7hx
3
url VCID-9u32-4n1x-77ce
vulnerability_id VCID-9u32-4n1x-77ce
summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
reference_id
reference_type
scores
0
value 0.1765
scoring_system epss
scoring_elements 0.95251
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
3
reference_url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
reference_id cve-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
6
reference_url https://github.com/advisories/GHSA-548x-j6x6-hcv4
reference_id GHSA-548x-j6x6-hcv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-548x-j6x6-hcv4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-evf7-f2j5-rqhr
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-mmy3-eycu-q7bu
9
vulnerability VCID-n2zu-prgr-dkfn
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-qfdp-4b77-uqda
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-wfhk-xspf-7yev
14
vulnerability VCID-xfq5-m4vf-cyaj
15
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-4n1x-77ce
4
url VCID-a62g-s5j4-73fr
vulnerability_id VCID-a62g-s5j4-73fr
summary User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54091
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
3
reference_url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
reference_id cve-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
6
reference_url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
reference_id GHSA-qm43-g2xj-hvg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-cn4z-f8ej-ruha
3
vulnerability VCID-epds-vwku-cyed
4
vulnerability VCID-gngs-dm98-eqc2
5
vulnerability VCID-kpwb-z5k7-bqa8
6
vulnerability VCID-p17t-h88p-zybu
7
vulnerability VCID-qaj9-m3df-7qbr
8
vulnerability VCID-t5h8-q4q5-a3em
9
vulnerability VCID-vk9f-1396-jkcp
10
vulnerability VCID-vweb-9s62-zucm
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-n512-h3fa-xbh7
6
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jau-1np8-6fd5
1
vulnerability VCID-epds-vwku-cyed
2
vulnerability VCID-evf7-f2j5-rqhr
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-mmy3-eycu-q7bu
6
vulnerability VCID-n2zu-prgr-dkfn
7
vulnerability VCID-n512-h3fa-xbh7
8
vulnerability VCID-qfdp-4b77-uqda
9
vulnerability VCID-wfhk-xspf-7yev
10
vulnerability VCID-xfq5-m4vf-cyaj
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a62g-s5j4-73fr
5
url VCID-ank8-p9qa-9udx
vulnerability_id VCID-ank8-p9qa-9udx
summary Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25146
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.60295
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25146
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146
reference_id cve-2024-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25146
reference_id CVE-2024-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25146
4
reference_url https://github.com/advisories/GHSA-mqf8-4cqm-p83x
reference_id GHSA-mqf8-4cqm-p83x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqf8-4cqm-p83x
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-cn4z-f8ej-ruha
7
vulnerability VCID-epds-vwku-cyed
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-kpwb-z5k7-bqa8
10
vulnerability VCID-mqut-n4an-x3cs
11
vulnerability VCID-p17t-h88p-zybu
12
vulnerability VCID-qaj9-m3df-7qbr
13
vulnerability VCID-snty-bgwf-33bu
14
vulnerability VCID-t5h8-q4q5-a3em
15
vulnerability VCID-uxjd-h6fd-sbgf
16
vulnerability VCID-vk9f-1396-jkcp
17
vulnerability VCID-vweb-9s62-zucm
18
vulnerability VCID-way6-hfht-aya6
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25146, GHSA-mqf8-4cqm-p83x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ank8-p9qa-9udx
6
url VCID-bvbr-288p-xkak
vulnerability_id VCID-bvbr-288p-xkak
summary Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48281
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
3
reference_url https://liferay.atlassian.net/browse/LPE-17420
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17420
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
reference_id CVE-2022-28980
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_id cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
7
reference_url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
reference_id CVE-2022-28980-REFLECTED-XSS-WITH-FILTER_*-PARAMETERS-IN-APPLIED-FRAGMENT-FILTERS
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
8
reference_url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
reference_id GHSA-8mp9-w7gr-pvj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-6aqp-gny4-5ffp
3
vulnerability VCID-72my-1zwg-a7hx
4
vulnerability VCID-8uqz-bc88-ybcc
5
vulnerability VCID-9u32-4n1x-77ce
6
vulnerability VCID-a62g-s5j4-73fr
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n512-h3fa-xbh7
14
vulnerability VCID-qfdp-4b77-uqda
15
vulnerability VCID-uxjd-h6fd-sbgf
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zc53-8p5g-2kcv
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
aliases CVE-2022-28980, GHSA-8mp9-w7gr-pvj3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvbr-288p-xkak
7
url VCID-cn4z-f8ej-ruha
vulnerability_id VCID-cn4z-f8ej-ruha
summary Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52658
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
reference_id CVE-2021-29047
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
4
reference_url https://github.com/advisories/GHSA-9mxg-p873-6793
reference_id GHSA-9mxg-p873-6793
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mxg-p873-6793
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29047, GHSA-9mxg-p873-6793
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cn4z-f8ej-ruha
8
url VCID-epds-vwku-cyed
vulnerability_id VCID-epds-vwku-cyed
summary A stored cross-site scripting (XSS) vulnerability with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36299
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
reference_id CVE-2025-3760
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
4
reference_url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
reference_id GHSA-qhp6-vp7c-g7xp
reference_type
scores
url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-cn4z-f8ej-ruha
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-p17t-h88p-zybu
5
vulnerability VCID-qaj9-m3df-7qbr
6
vulnerability VCID-t5h8-q4q5-a3em
7
vulnerability VCID-vk9f-1396-jkcp
8
vulnerability VCID-vweb-9s62-zucm
9
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.0-2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-gngs-dm98-eqc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.0-2
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93
3
url pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13
purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q1.13
4
url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13
purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmy3-eycu-q7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q1.13
5
url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmy3-eycu-q7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.0
6
url pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.Q3.10
7
url pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmy3-eycu-q7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2024.q3.10
8
url pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.Q1.0
9
url pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmy3-eycu-q7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@2025.q1.0
aliases CVE-2025-3760, GHSA-qhp6-vp7c-g7xp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed
9
url VCID-gngs-dm98-eqc2
vulnerability_id VCID-gngs-dm98-eqc2
summary Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-11993
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-11993
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11993
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11993
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
reference_id CVE-2024-11993
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
4
reference_url https://github.com/advisories/GHSA-4hxr-28mv-q729
reference_id GHSA-4hxr-28mv-q729
reference_type
scores
url https://github.com/advisories/GHSA-4hxr-28mv-q729
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epds-vwku-cyed
1
vulnerability VCID-evf7-f2j5-rqhr
2
vulnerability VCID-kpwb-z5k7-bqa8
3
vulnerability VCID-mmy3-eycu-q7bu
4
vulnerability VCID-n512-h3fa-xbh7
5
vulnerability VCID-qfdp-4b77-uqda
6
vulnerability VCID-wfhk-xspf-7yev
7
vulnerability VCID-xfq5-m4vf-cyaj
8
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u39
aliases CVE-2024-11993, GHSA-4hxr-28mv-q729
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gngs-dm98-eqc2
10
url VCID-kpwb-z5k7-bqa8
vulnerability_id VCID-kpwb-z5k7-bqa8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36604
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
4
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
5
reference_url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id GHSA-hv45-r2f5-fmhj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-cn4z-f8ej-ruha
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-p17t-h88p-zybu
5
vulnerability VCID-qaj9-m3df-7qbr
6
vulnerability VCID-t5h8-q4q5-a3em
7
vulnerability VCID-vk9f-1396-jkcp
8
vulnerability VCID-vweb-9s62-zucm
9
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epds-vwku-cyed
1
vulnerability VCID-huvy-gpy3-v3dp
2
vulnerability VCID-mmy3-eycu-q7bu
3
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpwb-z5k7-bqa8
11
url VCID-mqut-n4an-x3cs
vulnerability_id VCID-mqut-n4an-x3cs
summary Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38474
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
3
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
4
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
5
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
6
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
7
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id cve-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
10
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4585-28v2-8h46
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25150, GHSA-4585-28v2-8h46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqut-n4an-x3cs
12
url VCID-p17t-h88p-zybu
vulnerability_id VCID-p17t-h88p-zybu
summary Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66731
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17131
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17131
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
reference_id CVE-2021-29041
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
4
reference_url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
reference_id GHSA-82j7-2h3j-hc7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29041, GHSA-82j7-2h3j-hc7f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p17t-h88p-zybu
13
url VCID-qaj9-m3df-7qbr
vulnerability_id VCID-qaj9-m3df-7qbr
summary Liferay Portal and Liferay DXP Fails to Check Permissions
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27557
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
reference_id CVE-2021-29052
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
4
reference_url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
reference_id GHSA-pr7v-qv65-rp9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29052, GHSA-pr7v-qv65-rp9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qaj9-m3df-7qbr
14
url VCID-snty-bgwf-33bu
vulnerability_id VCID-snty-bgwf-33bu
summary Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42111
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38749
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42111
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/0307ce50253f03203e613534ea03061b0b38caf0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0307ce50253f03203e613534ea03061b0b38caf0
3
reference_url https://github.com/liferay/liferay-portal/commit/4dec737577cfa2d7dd857bf9b4a4ffb5fc02dcc7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4dec737577cfa2d7dd857bf9b4a4ffb5fc02dcc7
4
reference_url https://github.com/liferay/liferay-portal/commit/5a0d16269d0a2e1b370ad8c38ee4d11f34476af5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5a0d16269d0a2e1b370ad8c38ee4d11f34476af5
5
reference_url https://github.com/liferay/liferay-portal/commit/9d53dd83c80833c318f80b7116c441cf005cc781
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d53dd83c80833c318f80b7116c441cf005cc781
6
reference_url https://issues.liferay.com/browse/LPE-17379
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17379
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42111?p_r_p_assetEntryId=121612900&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612900%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42111?p_r_p_assetEntryId=121612900&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612900%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42111
reference_id CVE-2022-42111
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42111
9
reference_url https://github.com/advisories/GHSA-p768-r2m2-8vjr
reference_id GHSA-p768-r2m2-8vjr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p768-r2m2-8vjr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2022-42111, GHSA-p768-r2m2-8vjr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snty-bgwf-33bu
15
url VCID-t5h8-q4q5-a3em
vulnerability_id VCID-t5h8-q4q5-a3em
summary Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.64038
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
reference_id CVE-2021-29053
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
4
reference_url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
reference_id GHSA-f9wj-c5pc-g9rh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29053, GHSA-f9wj-c5pc-g9rh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5h8-q4q5-a3em
16
url VCID-uxjd-h6fd-sbgf
vulnerability_id VCID-uxjd-h6fd-sbgf
summary HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25609
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25609
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
3
reference_url https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
4
reference_url https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
5
reference_url https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
6
reference_url https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
7
reference_url https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
8
reference_url https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
9
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
reference_id cve-2024-25609
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25609
reference_id CVE-2024-25609
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25609
11
reference_url https://github.com/advisories/GHSA-3qq5-wcrx-4h8r
reference_id GHSA-3qq5-wcrx-4h8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qq5-wcrx-4h8r
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-8uqz-bc88-ybcc
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-epds-vwku-cyed
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n2zu-prgr-dkfn
14
vulnerability VCID-n512-h3fa-xbh7
15
vulnerability VCID-qfdp-4b77-uqda
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u9
aliases CVE-2024-25609, GHSA-3qq5-wcrx-4h8r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxjd-h6fd-sbgf
17
url VCID-vk9f-1396-jkcp
vulnerability_id VCID-vk9f-1396-jkcp
summary Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39174
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
3
reference_url https://liferay.atlassian.net/browse/LPE-17229
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17229
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
reference_id CVE-2021-38265
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
6
reference_url https://github.com/advisories/GHSA-3x83-whxw-pvmg
reference_id GHSA-3x83-whxw-pvmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x83-whxw-pvmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9ka7-ck9s-nudp
8
vulnerability VCID-9u32-4n1x-77ce
9
vulnerability VCID-a62g-s5j4-73fr
10
vulnerability VCID-ank8-p9qa-9udx
11
vulnerability VCID-b31e-vxh7-1qe8
12
vulnerability VCID-bmbd-g58w-z3gy
13
vulnerability VCID-bvbr-288p-xkak
14
vulnerability VCID-ckbc-n5n3-dka6
15
vulnerability VCID-cn4z-f8ej-ruha
16
vulnerability VCID-ed9v-m3q5-6yaq
17
vulnerability VCID-g52h-8r1h-dfhe
18
vulnerability VCID-g6wt-vwuh-cua8
19
vulnerability VCID-gngs-dm98-eqc2
20
vulnerability VCID-h9vv-1cu6-jydx
21
vulnerability VCID-hqd6-nkr9-4ffm
22
vulnerability VCID-j1vh-25uj-ukga
23
vulnerability VCID-kpwb-z5k7-bqa8
24
vulnerability VCID-kqhp-785u-nben
25
vulnerability VCID-kqsk-3dby-s3dh
26
vulnerability VCID-mqut-n4an-x3cs
27
vulnerability VCID-n512-h3fa-xbh7
28
vulnerability VCID-p17t-h88p-zybu
29
vulnerability VCID-qaj9-m3df-7qbr
30
vulnerability VCID-qztv-899y-sbb8
31
vulnerability VCID-scdp-ugfr-yqap
32
vulnerability VCID-snty-bgwf-33bu
33
vulnerability VCID-t5h8-q4q5-a3em
34
vulnerability VCID-tgpb-tps9-wfd5
35
vulnerability VCID-tvcx-nbr1-efc2
36
vulnerability VCID-txpn-fzyb-3udy
37
vulnerability VCID-umd8-9ypn-zkdk
38
vulnerability VCID-v9m5-8c56-tuhb
39
vulnerability VCID-way6-hfht-aya6
40
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38265, GHSA-3x83-whxw-pvmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9f-1396-jkcp
18
url VCID-vweb-9s62-zucm
vulnerability_id VCID-vweb-9s62-zucm
summary Liferay Portal and Liferay DXP fails to properly import users from LDAP
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.83417
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
3
reference_url https://issues.liferay.com/browse/LPE-17191
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17191
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
reference_id CVE-2021-38266
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
6
reference_url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
reference_id GHSA-jp3m-vh3g-6ggp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-91rc-5gz3-dbcf
7
vulnerability VCID-9ka7-ck9s-nudp
8
vulnerability VCID-9u32-4n1x-77ce
9
vulnerability VCID-a62g-s5j4-73fr
10
vulnerability VCID-ank8-p9qa-9udx
11
vulnerability VCID-b31e-vxh7-1qe8
12
vulnerability VCID-bmbd-g58w-z3gy
13
vulnerability VCID-bvbr-288p-xkak
14
vulnerability VCID-ckbc-n5n3-dka6
15
vulnerability VCID-cn4z-f8ej-ruha
16
vulnerability VCID-ed9v-m3q5-6yaq
17
vulnerability VCID-g52h-8r1h-dfhe
18
vulnerability VCID-g6wt-vwuh-cua8
19
vulnerability VCID-gngs-dm98-eqc2
20
vulnerability VCID-h9vv-1cu6-jydx
21
vulnerability VCID-hqd6-nkr9-4ffm
22
vulnerability VCID-j1vh-25uj-ukga
23
vulnerability VCID-kpwb-z5k7-bqa8
24
vulnerability VCID-kqhp-785u-nben
25
vulnerability VCID-kqsk-3dby-s3dh
26
vulnerability VCID-mqut-n4an-x3cs
27
vulnerability VCID-n512-h3fa-xbh7
28
vulnerability VCID-p17t-h88p-zybu
29
vulnerability VCID-qaj9-m3df-7qbr
30
vulnerability VCID-qztv-899y-sbb8
31
vulnerability VCID-scdp-ugfr-yqap
32
vulnerability VCID-snty-bgwf-33bu
33
vulnerability VCID-t5h8-q4q5-a3em
34
vulnerability VCID-tgpb-tps9-wfd5
35
vulnerability VCID-tvcx-nbr1-efc2
36
vulnerability VCID-txpn-fzyb-3udy
37
vulnerability VCID-umd8-9ypn-zkdk
38
vulnerability VCID-v9m5-8c56-tuhb
39
vulnerability VCID-way6-hfht-aya6
40
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38266, GHSA-jp3m-vh3g-6ggp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vweb-9s62-zucm
19
url VCID-way6-hfht-aya6
vulnerability_id VCID-way6-hfht-aya6
summary A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42112
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44209
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42112
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48
3
reference_url https://liferay.atlassian.net/browse/LPE-17536
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17536
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42112?p_r_p_assetEntryId=121612934&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612934%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42112?p_r_p_assetEntryId=121612934&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612934%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112
reference_id cve-2022-42112
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42112
reference_id CVE-2022-42112
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42112
7
reference_url https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112
reference_id CVE-2022-42112
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112
8
reference_url https://github.com/advisories/GHSA-7f7g-vhff-mjqj
reference_id GHSA-7f7g-vhff-mjqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f7g-vhff-mjqj
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/
url http://liferay.com
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-a62g-s5j4-73fr
2
vulnerability VCID-bvbr-288p-xkak
3
vulnerability VCID-cn4z-f8ej-ruha
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-kpwb-z5k7-bqa8
7
vulnerability VCID-p17t-h88p-zybu
8
vulnerability VCID-qaj9-m3df-7qbr
9
vulnerability VCID-t5h8-q4q5-a3em
10
vulnerability VCID-vk9f-1396-jkcp
11
vulnerability VCID-vweb-9s62-zucm
12
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-72my-1zwg-a7hx
2
vulnerability VCID-a62g-s5j4-73fr
3
vulnerability VCID-bvbr-288p-xkak
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-gngs-dm98-eqc2
6
vulnerability VCID-j1vh-25uj-ukga
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-kqhp-785u-nben
9
vulnerability VCID-kqsk-3dby-s3dh
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-epds-vwku-cyed
5
vulnerability VCID-evf7-f2j5-rqhr
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-kpwb-z5k7-bqa8
8
vulnerability VCID-mmy3-eycu-q7bu
9
vulnerability VCID-n2zu-prgr-dkfn
10
vulnerability VCID-n512-h3fa-xbh7
11
vulnerability VCID-qfdp-4b77-uqda
12
vulnerability VCID-wfhk-xspf-7yev
13
vulnerability VCID-xfq5-m4vf-cyaj
14
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u25
aliases CVE-2022-42112, GHSA-7f7g-vhff-mjqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-way6-hfht-aya6
20
url VCID-zkm4-bz55-9bb8
vulnerability_id VCID-zkm4-bz55-9bb8
summary Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aqp-gny4-5ffp
1
vulnerability VCID-bvbr-288p-xkak
2
vulnerability VCID-epds-vwku-cyed
3
vulnerability VCID-gngs-dm98-eqc2
4
vulnerability VCID-kpwb-z5k7-bqa8
5
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epds-vwku-cyed
1
vulnerability VCID-huvy-gpy3-v3dp
2
vulnerability VCID-mmy3-eycu-q7bu
3
vulnerability VCID-n512-h3fa-xbh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8
Fixing_vulnerabilities
0
url VCID-1bjj-tjj8-pudd
vulnerability_id VCID-1bjj-tjj8-pudd
summary Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25603
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25603
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603
reference_id cve-2024-25603
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T15:56:27Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25603
reference_id CVE-2024-25603
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25603
4
reference_url https://github.com/advisories/GHSA-44jg-jgjx-3xg5
reference_id GHSA-44jg-jgjx-3xg5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44jg-jgjx-3xg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25603, GHSA-44jg-jgjx-3xg5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bjj-tjj8-pudd
1
url VCID-5gqq-m36a-53b6
vulnerability_id VCID-5gqq-m36a-53b6
summary Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25601
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25601
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601
reference_id cve-2024-25601
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T14:15:10Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25601
reference_id CVE-2024-25601
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25601
4
reference_url https://github.com/advisories/GHSA-cr36-3vqf-x5w5
reference_id GHSA-cr36-3vqf-x5w5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr36-3vqf-x5w5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25601, GHSA-cr36-3vqf-x5w5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gqq-m36a-53b6
2
url VCID-6jw2-chce-suhn
vulnerability_id VCID-6jw2-chce-suhn
summary The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27316
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
reference_id cve-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
reference_id CVE-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
4
reference_url https://github.com/advisories/GHSA-43h9-p3j4-39hm
reference_id GHSA-43h9-p3j4-39hm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43h9-p3j4-39hm
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u16
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-8uqz-bc88-ybcc
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-epds-vwku-cyed
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-kpwb-z5k7-bqa8
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-mmy3-eycu-q7bu
12
vulnerability VCID-n2zu-prgr-dkfn
13
vulnerability VCID-n512-h3fa-xbh7
14
vulnerability VCID-qfdp-4b77-uqda
15
vulnerability VCID-way6-hfht-aya6
16
vulnerability VCID-wfhk-xspf-7yev
17
vulnerability VCID-xfq5-m4vf-cyaj
18
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u16
aliases CVE-2024-25607, GHSA-43h9-p3j4-39hm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw2-chce-suhn
3
url VCID-ckbc-n5n3-dka6
vulnerability_id VCID-ckbc-n5n3-dka6
summary Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26285
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
reference_id cve-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:45:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
5
reference_url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
reference_id GHSA-mwhf-6mjm-6w3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25ay-9z7s-47dg
1
vulnerability VCID-48hp-m4m8-cqge
2
vulnerability VCID-5gqq-m36a-53b6
3
vulnerability VCID-6aqp-gny4-5ffp
4
vulnerability VCID-72my-1zwg-a7hx
5
vulnerability VCID-8uqz-bc88-ybcc
6
vulnerability VCID-9ka7-ck9s-nudp
7
vulnerability VCID-9u32-4n1x-77ce
8
vulnerability VCID-a62g-s5j4-73fr
9
vulnerability VCID-ank8-p9qa-9udx
10
vulnerability VCID-b31e-vxh7-1qe8
11
vulnerability VCID-bvbr-288p-xkak
12
vulnerability VCID-ed9v-m3q5-6yaq
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-evf7-f2j5-rqhr
15
vulnerability VCID-g52h-8r1h-dfhe
16
vulnerability VCID-gngs-dm98-eqc2
17
vulnerability VCID-h9vv-1cu6-jydx
18
vulnerability VCID-j1vh-25uj-ukga
19
vulnerability VCID-kpwb-z5k7-bqa8
20
vulnerability VCID-kqhp-785u-nben
21
vulnerability VCID-kqsk-3dby-s3dh
22
vulnerability VCID-mqut-n4an-x3cs
23
vulnerability VCID-n512-h3fa-xbh7
24
vulnerability VCID-qztv-899y-sbb8
25
vulnerability VCID-scdp-ugfr-yqap
26
vulnerability VCID-snty-bgwf-33bu
27
vulnerability VCID-tgpb-tps9-wfd5
28
vulnerability VCID-tvcx-nbr1-efc2
29
vulnerability VCID-txpn-fzyb-3udy
30
vulnerability VCID-umd8-9ypn-zkdk
31
vulnerability VCID-way6-hfht-aya6
32
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29038, GHSA-mwhf-6mjm-6w3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckbc-n5n3-dka6
4
url VCID-cn1e-v8j7-mfhp
vulnerability_id VCID-cn1e-v8j7-mfhp
summary Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25604
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25376
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25604
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724
3
reference_url https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604
reference_id cve-2024-25604
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:38:45Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25604
reference_id CVE-2024-25604
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25604
6
reference_url https://github.com/advisories/GHSA-pw7p-3648-qqmg
reference_id GHSA-pw7p-3648-qqmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw7p-3648-qqmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2024-25604, GHSA-pw7p-3648-qqmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cn1e-v8j7-mfhp
5
url VCID-ed9v-m3q5-6yaq
vulnerability_id VCID-ed9v-m3q5-6yaq
summary Stored cross-site scripting (XSS) vulnerability in the Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25602
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64421
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25602
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602
reference_id cve-2024-25602
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:23:34Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25602
reference_id CVE-2024-25602
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25602
4
reference_url https://github.com/advisories/GHSA-v2xq-m22w-jmpr
reference_id GHSA-v2xq-m22w-jmpr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2xq-m22w-jmpr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25602, GHSA-v2xq-m22w-jmpr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed9v-m3q5-6yaq
6
url VCID-g52h-8r1h-dfhe
vulnerability_id VCID-g52h-8r1h-dfhe
summary Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
reference_id cve-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
4
reference_url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
reference_id GHSA-9vgq-w5pv-v77q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
aliases CVE-2024-25145, GHSA-9vgq-w5pv-v77q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g52h-8r1h-dfhe
7
url VCID-gkpd-2p17-7fcq
vulnerability_id VCID-gkpd-2p17-7fcq
summary A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42121
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.70093
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42121
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/14c8fbbac814c0b511b4f3ade19eafb2182923c7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/14c8fbbac814c0b511b4f3ade19eafb2182923c7
3
reference_url https://github.com/liferay/liferay-portal/commit/5a17acb714c57e36695b7caff8e6a2789e2cf9d0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5a17acb714c57e36695b7caff8e6a2789e2cf9d0
4
reference_url https://github.com/liferay/liferay-portal/commit/82de94e9f3a4425e3ee6c187462d670ae9bfef51
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/82de94e9f3a4425e3ee6c187462d670ae9bfef51
5
reference_url https://github.com/liferay/liferay-portal/commit/f245f4b428186c8e5964a9ffe90ccc7e12cf7f66
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f245f4b428186c8e5964a9ffe90ccc7e12cf7f66
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42121?p_r_p_assetEntryId=121613426&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613426%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42121?p_r_p_assetEntryId=121613426&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613426%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
7
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42121
reference_id cve-2022-42121
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42121
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42121
reference_id CVE-2022-42121
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42121
9
reference_url https://github.com/advisories/GHSA-gxxj-fhmr-37j9
reference_id GHSA-gxxj-fhmr-37j9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-fhmr-37j9
10
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url http://liferay.com
11
reference_url https://issues.liferay.com/browse/LPE-17414
reference_id LPE-17414
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:01:37Z/
url https://issues.liferay.com/browse/LPE-17414
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-k469-ety8-rqby
11
vulnerability VCID-kpwb-z5k7-bqa8
12
vulnerability VCID-mqut-n4an-x3cs
13
vulnerability VCID-n634-fspx-judk
14
vulnerability VCID-p17t-h88p-zybu
15
vulnerability VCID-qaj9-m3df-7qbr
16
vulnerability VCID-t5h8-q4q5-a3em
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2022-42121, GHSA-gxxj-fhmr-37j9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkpd-2p17-7fcq
8
url VCID-jh4y-y7np-9fav
vulnerability_id VCID-jh4y-y7np-9fav
summary Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26266
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266
reference_id cve-2024-26266
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:43:41Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26266
reference_id CVE-2024-26266
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26266
4
reference_url https://github.com/advisories/GHSA-rwxc-4cmw-7x75
reference_id GHSA-rwxc-4cmw-7x75
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwxc-4cmw-7x75
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-4jau-1np8-6fd5
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-8uqz-bc88-ybcc
4
vulnerability VCID-9u32-4n1x-77ce
5
vulnerability VCID-a62g-s5j4-73fr
6
vulnerability VCID-epds-vwku-cyed
7
vulnerability VCID-evf7-f2j5-rqhr
8
vulnerability VCID-gngs-dm98-eqc2
9
vulnerability VCID-j1vh-25uj-ukga
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-kqsk-3dby-s3dh
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-n2zu-prgr-dkfn
14
vulnerability VCID-n512-h3fa-xbh7
15
vulnerability VCID-qfdp-4b77-uqda
16
vulnerability VCID-way6-hfht-aya6
17
vulnerability VCID-wfhk-xspf-7yev
18
vulnerability VCID-xfq5-m4vf-cyaj
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u10
aliases CVE-2024-26266, GHSA-rwxc-4cmw-7x75
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4y-y7np-9fav
9
url VCID-k469-ety8-rqby
vulnerability_id VCID-k469-ety8-rqby
summary The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40276
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
3
reference_url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
reference_id cve-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
6
reference_url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
reference_id GHSA-mf8h-grfg-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2024-25605, GHSA-mf8h-grfg-j9j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k469-ety8-rqby
10
url VCID-t2ys-d2mh-xygr
vulnerability_id VCID-t2ys-d2mh-xygr
summary The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56187
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42132
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d
3
reference_url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id cve-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
reference_id CVE-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42132
7
reference_url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
reference_id CVE-2022-42132
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132
8
reference_url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
reference_id GHSA-f43m-hhj4-q3jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f43m-hhj4-q3jg
9
reference_url http://liferay.com
reference_id liferay.com
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url http://liferay.com
10
reference_url https://issues.liferay.com/browse/LPE-17438
reference_id LPE-17438
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/
url https://issues.liferay.com/browse/LPE-17438
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-k469-ety8-rqby
11
vulnerability VCID-kpwb-z5k7-bqa8
12
vulnerability VCID-mqut-n4an-x3cs
13
vulnerability VCID-n634-fspx-judk
14
vulnerability VCID-p17t-h88p-zybu
15
vulnerability VCID-qaj9-m3df-7qbr
16
vulnerability VCID-t5h8-q4q5-a3em
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2022-42132, GHSA-f43m-hhj4-q3jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ys-d2mh-xygr
11
url VCID-tgpb-tps9-wfd5
vulnerability_id VCID-tgpb-tps9-wfd5
summary Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25152
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25152
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152
reference_id cve-2024-25152
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T19:54:47Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25152
reference_id CVE-2024-25152
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25152
4
reference_url https://github.com/advisories/GHSA-p28x-4r5h-ph6j
reference_id GHSA-p28x-4r5h-ph6j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p28x-4r5h-ph6j
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-a62g-s5j4-73fr
4
vulnerability VCID-bvbr-288p-xkak
5
vulnerability VCID-epds-vwku-cyed
6
vulnerability VCID-gngs-dm98-eqc2
7
vulnerability VCID-j1vh-25uj-ukga
8
vulnerability VCID-kpwb-z5k7-bqa8
9
vulnerability VCID-kqhp-785u-nben
10
vulnerability VCID-kqsk-3dby-s3dh
11
vulnerability VCID-n512-h3fa-xbh7
12
vulnerability VCID-way6-hfht-aya6
13
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25152, GHSA-p28x-4r5h-ph6j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpb-tps9-wfd5
12
url VCID-xxcp-sye1-tfbz
vulnerability_id VCID-xxcp-sye1-tfbz
summary A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42110
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.65269
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42110
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/99b1c4752cd06e6681d7aa9c3b0f58154f434060
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/99b1c4752cd06e6681d7aa9c3b0f58154f434060
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42110?p_r_p_assetEntryId=121612856&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612856%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42110?p_r_p_assetEntryId=121612856&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612856%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110
reference_id cve-2022-42110
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:52:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42110
reference_id CVE-2022-42110
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42110
6
reference_url https://github.com/advisories/GHSA-2qwm-9mg5-jwq8
reference_id GHSA-2qwm-9mg5-jwq8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qwm-9mg5-jwq8
7
reference_url https://issues.liferay.com/browse/LPE-17403
reference_id LPE-17403
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:52:12Z/
url https://issues.liferay.com/browse/LPE-17403
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-91rc-5gz3-dbcf
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-bvbr-288p-xkak
6
vulnerability VCID-ckbc-n5n3-dka6
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-g52h-8r1h-dfhe
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-k469-ety8-rqby
11
vulnerability VCID-kpwb-z5k7-bqa8
12
vulnerability VCID-mqut-n4an-x3cs
13
vulnerability VCID-n634-fspx-judk
14
vulnerability VCID-p17t-h88p-zybu
15
vulnerability VCID-qaj9-m3df-7qbr
16
vulnerability VCID-t5h8-q4q5-a3em
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48hp-m4m8-cqge
1
vulnerability VCID-6aqp-gny4-5ffp
2
vulnerability VCID-72my-1zwg-a7hx
3
vulnerability VCID-9u32-4n1x-77ce
4
vulnerability VCID-a62g-s5j4-73fr
5
vulnerability VCID-ank8-p9qa-9udx
6
vulnerability VCID-bvbr-288p-xkak
7
vulnerability VCID-cn4z-f8ej-ruha
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-gngs-dm98-eqc2
10
vulnerability VCID-kpwb-z5k7-bqa8
11
vulnerability VCID-mqut-n4an-x3cs
12
vulnerability VCID-p17t-h88p-zybu
13
vulnerability VCID-qaj9-m3df-7qbr
14
vulnerability VCID-snty-bgwf-33bu
15
vulnerability VCID-t5h8-q4q5-a3em
16
vulnerability VCID-uxjd-h6fd-sbgf
17
vulnerability VCID-vk9f-1396-jkcp
18
vulnerability VCID-vweb-9s62-zucm
19
vulnerability VCID-way6-hfht-aya6
20
vulnerability VCID-zkm4-bz55-9bb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2022-42110, GHSA-2qwm-9mg5-jwq8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxcp-sye1-tfbz
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17