{"url":"http://public2.vulnerablecode.io/api/packages/503238?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.2.1","type":"maven","namespace":"com.liferay.portal","name":"release.portal.bom","version":"7.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111769?format=json","vulnerability_id":"VCID-17tm-rzgk-qfas","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page\nCross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35015","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35038","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34978","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17100","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17100"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972"},{"reference_url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c","reference_id":"GHSA-vpvm-3wfw-5f5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151059?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7f43-u96s-qyeq"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebmm-3qj1-8uec"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-fxtu-zgpf-cbhs"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-ykxs-jz2j-bqay"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33328","GHSA-vpvm-3wfw-5f5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17tm-rzgk-qfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47058?format=json","vulnerability_id":"VCID-1fqz-psdf-g7dm","summary":"Liferay Portal and Liferay DXP User Enumeration Vulnerability\nUser enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54023","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54034","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54027","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26268"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268","reference_id":"CVE-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268","reference_id":"CVE-2024-26268","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26268"},{"reference_url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5","reference_id":"GHSA-qm43-g2xj-hvg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm43-g2xj-hvg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69041?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27"},{"url":"http://public2.vulnerablecode.io/api/packages/504697?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dvp1-5vf5-qfg9"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.28"}],"aliases":["CVE-2024-26268","GHSA-qm43-g2xj-hvg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fqz-psdf-g7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110913?format=json","vulnerability_id":"VCID-1h16-mptk-gke7","summary":"Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password\nThe Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42502","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42586","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42575","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42524","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42559","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv","reference_id":"GHSA-xx2h-2hf5-v7vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150185?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29043","GHSA-xx2h-2hf5-v7vv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1h16-mptk-gke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47059?format=json","vulnerability_id":"VCID-266t-4gfq-duh4","summary":"Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel\nInformation disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38414","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38442","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3847","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38467","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25150"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150"},{"reference_url":"https://github.com/advisories/GHSA-4585-28v2-8h46","reference_id":"GHSA-4585-28v2-8h46","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4585-28v2-8h46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69044?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4"},{"url":"http://public2.vulnerablecode.io/api/packages/69097?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25150","GHSA-4585-28v2-8h46"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-266t-4gfq-duh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47042?format=json","vulnerability_id":"VCID-298n-mh47-3ygq","summary":"Liferay Portal has an XXE vulnerability in Java2WsddTask._format\nXXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33917","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33983","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33968","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25606"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606","reference_id":"CVE-2024-25606","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T13:32:40Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606","reference_id":"CVE-2024-25606","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25606"},{"reference_url":"https://github.com/advisories/GHSA-869h-qhfx-w939","reference_id":"GHSA-869h-qhfx-w939","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-869h-qhfx-w939"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69058?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.8"}],"aliases":["CVE-2024-25606","GHSA-869h-qhfx-w939"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-298n-mh47-3ygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112176?format=json","vulnerability_id":"VCID-2dc6-guhs-juhy","summary":"Liferay Portal and Liferay DXP Fails to Properly Check User Permissions\nThe Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms \"Access in Site Administration\" permission to view all forms and form entries in a site via the forms section in site administration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23982","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23999","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23873","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23903","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17039","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17039"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332"},{"reference_url":"https://github.com/advisories/GHSA-g37f-j8hh-736f","reference_id":"GHSA-g37f-j8hh-736f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g37f-j8hh-736f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520090?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33334","GHSA-g37f-j8hh-736f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dc6-guhs-juhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108928?format=json","vulnerability_id":"VCID-2fn6-apud-qbh4","summary":"Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled\nAn insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42718","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42741","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4273","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42682","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42656","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41414"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/659c4422bd32b1db1a01a7f4a42b7702d512ffa2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-01-insecure-defaults-auth-login-prompt-enabled?p_r_p_assetEntryId=121612026&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612026%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41414"},{"reference_url":"https://github.com/advisories/GHSA-9427-7f65-88c8","reference_id":"GHSA-9427-7f65-88c8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9427-7f65-88c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61432?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/609681?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2022-41414","GHSA-9427-7f65-88c8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fn6-apud-qbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112028?format=json","vulnerability_id":"VCID-2gt6-dn6q-z3bc","summary":"Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter\nLiferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate its privileges in case an admin visits the calendar that injected the payload.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25476","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64027","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63977","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64005","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64017","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64019","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25476"},{"reference_url":"https://github.com/community-security-team/liferay-portal/compare/7.1.3-ga4...7.1.3-cumulative.patch","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/community-security-team/liferay-portal/compare/7.1.3-ga4...7.1.3-cumulative.patch"},{"reference_url":"https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25476","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25476"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646"},{"reference_url":"https://github.com/advisories/GHSA-pvpg-9553-f979","reference_id":"GHSA-pvpg-9553-f979","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvpg-9553-f979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520087?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-g2jp-ueyr-gkav"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-m1tw-29pq-h3gw"},{"vulnerability":"VCID-m52g-mrb5-ufcq"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-sn9p-y571-ffej"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-ub82-jbgf-mfb8"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vkgz-zx58-3yet"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-wwhx-5znm-nyea"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.1-1"}],"aliases":["CVE-2020-25476","GHSA-pvpg-9553-f979"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gt6-dn6q-z3bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57910?format=json","vulnerability_id":"VCID-2mtb-mdha-qufv","summary":"Liferay Portal Vulnerable to Cross-Site Request Forgery\nInsufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10885","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10966","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43748"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17839","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17839"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748","reference_id":"CVE-2025-43748","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748","reference_id":"CVE-2025-43748","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43748"},{"reference_url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p","reference_id":"GHSA-p9gc-59hf-x48p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p9gc-59hf-x48p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86133?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u1pr-9cpx-q3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120"},{"url":"http://public2.vulnerablecode.io/api/packages/808919?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-brjh-tyur-ebc8"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-csnj-331s-43ea"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-u1pr-9cpx-q3hg"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125"}],"aliases":["CVE-2025-43748","GHSA-p9gc-59hf-x48p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mtb-mdha-qufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47045?format=json","vulnerability_id":"VCID-38vz-usgx-g7dv","summary":"Liferay Portal defaults to a low work factor for the default password hashing algorithm\nThe default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27274","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27324","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27364","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25607"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607","reference_id":"CVE-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607","reference_id":"CVE-2024-25607","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25607"},{"reference_url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm","reference_id":"GHSA-43h9-p3j4-39hm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43h9-p3j4-39hm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69017?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25607","GHSA-43h9-p3j4-39hm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38vz-usgx-g7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111691?format=json","vulnerability_id":"VCID-3nm8-13hg-myh4","summary":"Exposure of Resource to Wrong Sphere in Liferay Portal\nLiferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted user’s email address and current CSRF token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33330","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43097","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43145","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43132","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33330"},{"reference_url":"https://issues.liferay.com/browse/LPE-17127","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17127"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33330","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33330"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747720","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747720"},{"reference_url":"https://github.com/advisories/GHSA-6xxc-4jc4-7jv3","reference_id":"GHSA-6xxc-4jc4-7jv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xxc-4jc4-7jv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69083?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33330","GHSA-6xxc-4jc4-7jv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nm8-13hg-myh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45253?format=json","vulnerability_id":"VCID-4611-azkf-sffv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53219","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53263","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33939"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939","reference_id":"CVE-2023-33939","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939","reference_id":"CVE-2023-33939","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33939"},{"reference_url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc","reference_id":"GHSA-53mw-69qx-q4fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53mw-69qx-q4fc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65209?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2023-33939","GHSA-53mw-69qx-q4fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4611-azkf-sffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47091?format=json","vulnerability_id":"VCID-4mcy-yw2p-v7bd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25601"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601","reference_id":"CVE-2024-25601","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T14:15:10Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601","reference_id":"CVE-2024-25601","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25601"},{"reference_url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5","reference_id":"GHSA-cr36-3vqf-x5w5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr36-3vqf-x5w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/609681?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25601","GHSA-cr36-3vqf-x5w5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mcy-yw2p-v7bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111739?format=json","vulnerability_id":"VCID-68kz-zfvf-7ucw","summary":"Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs\nThe Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33338","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28973","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29006","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29043","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29076","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33338"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17030","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17030"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33338","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33338"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276"},{"reference_url":"https://github.com/advisories/GHSA-4frg-rpx6-96qh","reference_id":"GHSA-4frg-rpx6-96qh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4frg-rpx6-96qh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69083?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33338","GHSA-4frg-rpx6-96qh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68kz-zfvf-7ucw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54459?format=json","vulnerability_id":"VCID-6q85-j656-wyeh","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nThe redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24554","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71054","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71078","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71068","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24554"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24554","reference_id":"CVE-2020-24554","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24554"},{"reference_url":"https://github.com/advisories/GHSA-mg53-xr8m-86hw","reference_id":"GHSA-mg53-xr8m-86hw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg53-xr8m-86hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69083?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2020-24554","GHSA-mg53-xr8m-86hw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q85-j656-wyeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111743?format=json","vulnerability_id":"VCID-6yj4-11z6-pfhx","summary":"Liferay Portal and Liferay DXP Don't Check Permissions of Pages\nThe Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33324","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30689","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30721","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30657","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30682","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33324"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17001","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33324","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33324"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"},{"reference_url":"https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"},{"reference_url":"https://github.com/advisories/GHSA-474f-cmx5-gm69","reference_id":"GHSA-474f-cmx5-gm69","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-474f-cmx5-gm69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60881?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2021-33324","GHSA-474f-cmx5-gm69"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yj4-11z6-pfhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46963?format=json","vulnerability_id":"VCID-77qw-vmwe-x3d4","summary":"Liferay Portal denial of service (memory consumption)\nThe Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.7343","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73404","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73417","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73425","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25143"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143","reference_id":"CVE-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T20:07:01Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143","reference_id":"CVE-2024-25143","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25143"},{"reference_url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh","reference_id":"GHSA-87m3-6qj3-p3xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87m3-6qj3-p3xh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68800?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-j127-h1mf-nqam"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uug8-ap5n-r3g2"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.7"}],"aliases":["CVE-2024-25143","GHSA-87m3-6qj3-p3xh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77qw-vmwe-x3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47054?format=json","vulnerability_id":"VCID-8jv6-163j-a7b2","summary":"Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options\nLiferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49523","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25149"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149","reference_id":"CVE-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149","reference_id":"CVE-2024-25149","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25149"},{"reference_url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6","reference_id":"GHSA-qpgh-6v9w-vfv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpgh-6v9w-vfv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61432?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3"},{"url":"http://public2.vulnerablecode.io/api/packages/609681?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25149","GHSA-qpgh-6v9w-vfv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jv6-163j-a7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47047?format=json","vulnerability_id":"VCID-9471-umbz-pucy","summary":"Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API\nThe Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40209","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40238","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40266","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40263","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25605"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605","reference_id":"CVE-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605","reference_id":"CVE-2024-25605","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25605"},{"reference_url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3","reference_id":"GHSA-mf8h-grfg-j9j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf8h-grfg-j9j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69030?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/609682?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25605","GHSA-mf8h-grfg-j9j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9471-umbz-pucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47064?format=json","vulnerability_id":"VCID-9yw4-52sc-rbbz","summary":"Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes\nHtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49676","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49723","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49713","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25609"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609","reference_id":"CVE-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T19:18:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609","reference_id":"CVE-2024-25609","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25609"},{"reference_url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r","reference_id":"GHSA-3qq5-wcrx-4h8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qq5-wcrx-4h8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69055?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13-ga13"},{"url":"http://public2.vulnerablecode.io/api/packages/69017?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-25609","GHSA-3qq5-wcrx-4h8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yw4-52sc-rbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46965?format=json","vulnerability_id":"VCID-a7z8-2fzy-2qee","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25145"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145","reference_id":"CVE-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145","reference_id":"CVE-2024-25145","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25145"},{"reference_url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q","reference_id":"GHSA-9vgq-w5pv-v77q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vgq-w5pv-v77q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68810?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.12"}],"aliases":["CVE-2024-25145","GHSA-9vgq-w5pv-v77q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7z8-2fzy-2qee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47075?format=json","vulnerability_id":"VCID-b7h9-cxkj-hkc8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25152"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152","reference_id":"CVE-2024-25152","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T19:54:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152","reference_id":"CVE-2024-25152","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25152"},{"reference_url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j","reference_id":"GHSA-p28x-4r5h-ph6j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p28x-4r5h-ph6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/609681?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25152","GHSA-p28x-4r5h-ph6j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7h9-cxkj-hkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111115?format=json","vulnerability_id":"VCID-c4kq-8dpb-bkc7","summary":"Liferay Portal and Liferay DXP Fails to Sanitize API Data\nLiferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48432","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48389","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48369","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48418","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396"},{"reference_url":"https://github.com/advisories/GHSA-8j5r-9687-88w5","reference_id":"GHSA-8j5r-9687-88w5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j5r-9687-88w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60881?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2020-13444","GHSA-8j5r-9687-88w5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4kq-8dpb-bkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56356?format=json","vulnerability_id":"VCID-cj4m-mvzh-ckh4","summary":"Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting\nReflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38795","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38743","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38799","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11993"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993","reference_id":"CVE-2024-11993","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:24:48Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993","reference_id":"CVE-2024-11993","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11993"},{"reference_url":"https://github.com/advisories/GHSA-4hxr-28mv-q729","reference_id":"GHSA-4hxr-28mv-q729","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4hxr-28mv-q729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83550?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-3hm3-htje-akgd"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dvp1-5vf5-qfg9"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.39"}],"aliases":["CVE-2024-11993","GHSA-4hxr-28mv-q729"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj4m-mvzh-ckh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112465?format=json","vulnerability_id":"VCID-d7nb-6hvn-cueh","summary":"Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting\nCross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33339","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38154","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38189","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38219","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38243","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33339"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17102","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33339","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33339"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934"},{"reference_url":"https://github.com/advisories/GHSA-7pxh-q6jw-6xj8","reference_id":"GHSA-7pxh-q6jw-6xj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pxh-q6jw-6xj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151059?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7f43-u96s-qyeq"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebmm-3qj1-8uec"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-fxtu-zgpf-cbhs"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-ykxs-jz2j-bqay"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33339","GHSA-7pxh-q6jw-6xj8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7nb-6hvn-cueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47061?format=json","vulnerability_id":"VCID-e5c7-wsvb-dyfm","summary":"Liferay Portal and Liferay DXP HTTP Header Can Expose Versions\nIn Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45185","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45205","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26267"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267","reference_id":"CVE-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267","reference_id":"CVE-2024-26267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26267"},{"reference_url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv","reference_id":"GHSA-2mvj-q2q3-wxjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mvj-q2q3-wxjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69048?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.26-ga26"},{"url":"http://public2.vulnerablecode.io/api/packages/68840?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dvp1-5vf5-qfg9"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-26267","GHSA-2mvj-q2q3-wxjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5c7-wsvb-dyfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56369?format=json","vulnerability_id":"VCID-e5h2-wvws-3yhq","summary":"Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page\nCross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38743","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38795","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38799","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940"},{"reference_url":"https://github.com/advisories/GHSA-px38-239g-x5mg","reference_id":"GHSA-px38-239g-x5mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-px38-239g-x5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83576?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-3hm3-htje-akgd"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-brjh-tyur-ebc8"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-csnj-331s-43ea"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mbd8-z3ry-cqap"},{"vulnerability":"VCID-mf9a-eusx-f3gb"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-rs2y-3c75-uycm"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-su57-hncy-5qg4"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xv4h-g41b-c7c7"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88"}],"aliases":["CVE-2023-37940","GHSA-px38-239g-x5mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5h2-wvws-3yhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57144?format=json","vulnerability_id":"VCID-ebzh-bpks-5qe2","summary":"Liferay Cross-site Scripting vulnerability\nA stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.363","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36235","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36271","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36309","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3760"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760","reference_id":"CVE-2025-3760","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760","reference_id":"CVE-2025-3760","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3760"},{"reference_url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp","reference_id":"GHSA-qhp6-vp7c-g7xp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qhp6-vp7c-g7xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84867?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-u1pr-9cpx-q3hg"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132"}],"aliases":["CVE-2025-3760","GHSA-qhp6-vp7c-g7xp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzh-bpks-5qe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45262?format=json","vulnerability_id":"VCID-g2jp-ueyr-gkav","summary":"Insecure Default Initialization In Liferay Portal\nIn Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57037","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57187","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57183","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57195","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949","reference_id":"CVE-2023-33949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:48:38Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949","reference_id":"CVE-2023-33949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949"},{"reference_url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7","reference_id":"GHSA-g9mr-9xfc-4gf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65206?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-33949","GHSA-g9mr-9xfc-4gf7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2jp-ueyr-gkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46979?format=json","vulnerability_id":"VCID-ggs5-4zac-vqa7","summary":"Liferay Portal denial-of-service vulnerability\nThe IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55172","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55145","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55163","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55165","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25144"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144","reference_id":"CVE-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:11:12Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144","reference_id":"CVE-2024-25144","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25144"},{"reference_url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v","reference_id":"GHSA-w275-m8cr-hf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w275-m8cr-hf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68840?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dvp1-5vf5-qfg9"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27"}],"aliases":["CVE-2024-25144","GHSA-w275-m8cr-hf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggs5-4zac-vqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111645?format=json","vulnerability_id":"VCID-gz3a-m337-s7dn","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page\nCross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65169","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65168","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044"},{"reference_url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548"},{"reference_url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr","reference_id":"GHSA-wcr5-3q96-c2gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150185?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29044","GHSA-wcr5-3q96-c2gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gz3a-m337-s7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47080?format=json","vulnerability_id":"VCID-h261-uqtv-yfek","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64339","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64995","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.65007","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64997","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25602"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602","reference_id":"CVE-2024-25602","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:23:34Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602","reference_id":"CVE-2024-25602","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25602"},{"reference_url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr","reference_id":"GHSA-v2xq-m22w-jmpr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v2xq-m22w-jmpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/609681?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-1"}],"aliases":["CVE-2024-25602","GHSA-v2xq-m22w-jmpr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h261-uqtv-yfek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47049?format=json","vulnerability_id":"VCID-hhmu-vsj9-gudx","summary":"Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)\nIn Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2821","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28248","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28288","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28338","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25610"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610","reference_id":"CVE-2024-25610","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T13:32:33Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610","reference_id":"CVE-2024-25610","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25610"},{"reference_url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh","reference_id":"GHSA-vvpf-53qx-cxhh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvpf-53qx-cxhh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65209?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.13"}],"aliases":["CVE-2024-25610","GHSA-vvpf-53qx-cxhh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhmu-vsj9-gudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47078?format=json","vulnerability_id":"VCID-hrnu-4t2j-9qba","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34772","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34808","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34843","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34827","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25147"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147","reference_id":"CVE-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:15:43Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147","reference_id":"CVE-2024-25147","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25147"},{"reference_url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx","reference_id":"GHSA-xpjg-7hx7-wgcx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpjg-7hx7-wgcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/609680?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.1-1"}],"aliases":["CVE-2024-25147","GHSA-xpjg-7hx7-wgcx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrnu-4t2j-9qba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46974?format=json","vulnerability_id":"VCID-hw1d-gdcv-vkec","summary":"Liferay Portal vulnerable to user impersonation\nIn Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63146","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63122","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63136","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63137","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25148"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148","reference_id":"CVE-2024-25148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T17:33:36Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148","reference_id":"CVE-2024-25148","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25148"},{"reference_url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm","reference_id":"GHSA-qwj8-qgpr-8crm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwj8-qgpr-8crm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68824?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25148","GHSA-qwj8-qgpr-8crm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hw1d-gdcv-vkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110228?format=json","vulnerability_id":"VCID-k1u8-ur3y-zucd","summary":"Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL\nThe Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56115","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5606","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56107","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430"},{"reference_url":"https://issues.liferay.com/browse/LPE-17438","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://issues.liferay.com/browse/LPE-17438"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132"},{"reference_url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"cve-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg","reference_id":"GHSA-f43m-hhj4-q3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69030?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/609682?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2022-42132","GHSA-f43m-hhj4-q3jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1u8-ur3y-zucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111167?format=json","vulnerability_id":"VCID-k29y-9nww-cuh6","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33332","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34738","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34704","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47832","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47899","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47895","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33332"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17053","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17053"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33332","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33332"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748366"},{"reference_url":"https://github.com/advisories/GHSA-9995-qvcg-x7g6","reference_id":"GHSA-9995-qvcg-x7g6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9995-qvcg-x7g6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520090?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33332","GHSA-9995-qvcg-x7g6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k29y-9nww-cuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47065?format=json","vulnerability_id":"VCID-k9yt-aj7x-3bht","summary":"Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character\nHtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608","reference_id":"","reference_type":"","scores":[{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95238","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95236","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1765","scoring_system":"epss","scoring_elements":"0.95235","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25608"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608","reference_id":"CVE-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608","reference_id":"CVE-2024-25608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25608"},{"reference_url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4","reference_id":"GHSA-548x-j6x6-hcv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-548x-j6x6-hcv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69072?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.19-ga19"},{"url":"http://public2.vulnerablecode.io/api/packages/609688?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.20"}],"aliases":["CVE-2024-25608","GHSA-548x-j6x6-hcv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9yt-aj7x-3bht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47062?format=json","vulnerability_id":"VCID-kjbx-n3pd-yba9","summary":"Liferay Portal vulnerable to Denial of Service\nThe Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72171","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72164","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26265"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265","reference_id":"CVE-2024-26265","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:41:28Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265","reference_id":"CVE-2024-26265","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26265"},{"reference_url":"https://github.com/advisories/GHSA-29xx-fhff-36m7","reference_id":"GHSA-29xx-fhff-36m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29xx-fhff-36m7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69051?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2024-26265","GHSA-29xx-fhff-36m7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjbx-n3pd-yba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111188?format=json","vulnerability_id":"VCID-m1tw-29pq-h3gw","summary":"Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection\nLiferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15841","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56838","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56818","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56845","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15841"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-16928","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-16928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15841","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15841"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439"},{"reference_url":"https://github.com/advisories/GHSA-773f-f929-qgjj","reference_id":"GHSA-773f-f929-qgjj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-773f-f929-qgjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65210?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-g2jp-ueyr-gkav"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-m52g-mrb5-ufcq"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-sn9p-y571-ffej"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-ub82-jbgf-mfb8"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-15841","GHSA-773f-f929-qgjj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1tw-29pq-h3gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45264?format=json","vulnerability_id":"VCID-m52g-mrb5-ufcq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33937","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53219","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53263","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33937"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33937","reference_id":"CVE-2023-33937","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:46:27Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33937"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33937","reference_id":"CVE-2023-33937","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33937"},{"reference_url":"https://github.com/advisories/GHSA-v6m2-j92j-2h78","reference_id":"GHSA-v6m2-j92j-2h78","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6m2-j92j-2h78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65206?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-33937","GHSA-v6m2-j92j-2h78"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m52g-mrb5-ufcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47063?format=json","vulnerability_id":"VCID-mcea-q7za-duay","summary":"Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions\nLiferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2533","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25388","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25436","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25604"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a196df20e180be76944cd0c623df486379d7724"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/f028316fa975d2e13bed7ef49d69ab77f412765e"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604","reference_id":"CVE-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:38:45Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604","reference_id":"CVE-2024-25604","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25604"},{"reference_url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg","reference_id":"GHSA-pw7p-3648-qqmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw7p-3648-qqmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69030?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/609682?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2024-25604","GHSA-pw7p-3648-qqmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcea-q7za-duay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46977?format=json","vulnerability_id":"VCID-p9am-1rhf-6bh2","summary":"Observable Response Discrepancy\nLiferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60208","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60225","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60238","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60235","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146","reference_id":"CVE-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:08Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146","reference_id":"CVE-2024-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25146"},{"reference_url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x","reference_id":"GHSA-mqf8-4cqm-p83x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqf8-4cqm-p83x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68824?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2"}],"aliases":["CVE-2024-25146","GHSA-mqf8-4cqm-p83x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9am-1rhf-6bh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47093?format=json","vulnerability_id":"VCID-pczz-39pz-37bb","summary":"Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting\nStored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25603"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603","reference_id":"CVE-2024-25603","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T15:56:27Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603","reference_id":"CVE-2024-25603","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25603"},{"reference_url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5","reference_id":"GHSA-44jg-jgjx-3xg5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44jg-jgjx-3xg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69097?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2024-25603","GHSA-44jg-jgjx-3xg5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pczz-39pz-37bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111512?format=json","vulnerability_id":"VCID-qar1-pfr5-ekfm","summary":"Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages\nThe JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29040","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61152","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61209","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61201","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61178","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61195","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29040"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29040","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29040"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429"},{"reference_url":"https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429"},{"reference_url":"https://github.com/advisories/GHSA-87x7-pwrx-jch7","reference_id":"GHSA-87x7-pwrx-jch7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87x7-pwrx-jch7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151059?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7f43-u96s-qyeq"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebmm-3qj1-8uec"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-fxtu-zgpf-cbhs"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-ykxs-jz2j-bqay"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-29040","GHSA-87x7-pwrx-jch7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qar1-pfr5-ekfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47086?format=json","vulnerability_id":"VCID-qks2-mqk8-wffq","summary":"Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34772","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34808","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34843","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34827","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26269"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269","reference_id":"CVE-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T16:16:54Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269","reference_id":"CVE-2024-26269","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26269"},{"reference_url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm","reference_id":"GHSA-rwhv-hvj2-qrqm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhv-hvj2-qrqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69086?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-3hm3-htje-akgd"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dvp1-5vf5-qfg9"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.38"}],"aliases":["CVE-2024-26269","GHSA-rwhv-hvj2-qrqm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qks2-mqk8-wffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112292?format=json","vulnerability_id":"VCID-sn9p-y571-ffej","summary":"Liferay Portal and Liferay DXP Bypass via Double Encoded URL\nIn Liferay Portal before 7.3.1, com.liferay.portal:com.liferay.portal.impl before 7.1.3 and 7.4.0, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15840","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41192","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41222","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41218","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41162","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41143","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15840"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17046","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17046"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15840","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15840"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-COMLIFERAYPORTAL-1296538"},{"reference_url":"https://github.com/advisories/GHSA-vrwx-q9pj-x488","reference_id":"GHSA-vrwx-q9pj-x488","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrwx-q9pj-x488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65206?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2020-15840","GHSA-vrwx-q9pj-x488"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sn9p-y571-ffej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112255?format=json","vulnerability_id":"VCID-t51p-askk-pfcx","summary":"Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers\nPrivilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33335","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70803","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70821","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70791","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70772","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33335"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17103","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17103"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33335","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33335"},{"reference_url":"https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220828222916/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747906"},{"reference_url":"https://github.com/advisories/GHSA-5gh9-g62h-f35m","reference_id":"GHSA-5gh9-g62h-f35m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gh9-g62h-f35m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151059?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7f43-u96s-qyeq"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebmm-3qj1-8uec"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-fxtu-zgpf-cbhs"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-ykxs-jz2j-bqay"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33335","GHSA-5gh9-g62h-f35m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t51p-askk-pfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56045?format=json","vulnerability_id":"VCID-turp-jxv8-1fgy","summary":"Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console\nThe Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability. This issue has been patched in Liferay Portal 7.4.3.102, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, Liferay DXP 2023.Q3.5, and Liferay DXP 7.3 Update 36.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59883","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59864","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59889","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59892","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8980"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980","reference_id":"CVE-2024-8980","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:02:17Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980","reference_id":"CVE-2024-8980","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8980"},{"reference_url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3","reference_id":"GHSA-chj2-4vg7-hhg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-chj2-4vg7-hhg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83034?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102"},{"url":"http://public2.vulnerablecode.io/api/packages/718353?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-3hm3-htje-akgd"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-brjh-tyur-ebc8"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-csnj-331s-43ea"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-rs2y-3c75-uycm"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-su57-hncy-5qg4"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103"}],"aliases":["CVE-2024-8980","GHSA-chj2-4vg7-hhg3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-turp-jxv8-1fgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46973?format=json","vulnerability_id":"VCID-ub82-jbgf-mfb8","summary":"Liferay Portal's account lockout does not invalidate existing user sessions\nAccount lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47798","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40263","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40207","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40261","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47798"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798","reference_id":"CVE-2023-47798","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:49:56Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47798","reference_id":"CVE-2023-47798","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47798"},{"reference_url":"https://github.com/advisories/GHSA-2mx7-xvfg-fg53","reference_id":"GHSA-2mx7-xvfg-fg53","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mx7-xvfg-fg53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65206?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-47798","GHSA-2mx7-xvfg-fg53"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub82-jbgf-mfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111266?format=json","vulnerability_id":"VCID-uv23-yfgk-87h9","summary":"Liferay Portal and Liferay DXP insecure default configuration\nInsecure default configuration in portal services implementation before 5.11.0 in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33321","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54805","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54812","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54802","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54785","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54744","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33321"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/06df28c5ad618afed967fa485418e6cc29c70f38","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/06df28c5ad618afed967fa485418e6cc29c70f38"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/37de1d78d9b1c4a473e3233a6ea146c741075e18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/37de1d78d9b1c4a473e3233a6ea146c741075e18"},{"reference_url":"https://help.liferay.com/hc/en-us/articles/360050785632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.liferay.com/hc/en-us/articles/360050785632"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33321","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33321"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748055","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748055"},{"reference_url":"https://github.com/advisories/GHSA-jfch-m2x3-2v66","reference_id":"GHSA-jfch-m2x3-2v66","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfch-m2x3-2v66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69083?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.3"}],"aliases":["CVE-2021-33321","GHSA-jfch-m2x3-2v66"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv23-yfgk-87h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47072?format=json","vulnerability_id":"VCID-vez2-knrw-ubbe","summary":"Privilege escalation in Liferay Portal\nLiferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58572","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58603","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58618","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45320"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320","reference_id":"CVE-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:24:47Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320","reference_id":"CVE-2022-45320","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45320"},{"reference_url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw","reference_id":"GHSA-mc8m-4r3w-q2hw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc8m-4r3w-q2hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69051?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.16"}],"aliases":["CVE-2022-45320","GHSA-mc8m-4r3w-q2hw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vez2-knrw-ubbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112226?format=json","vulnerability_id":"VCID-vkgz-zx58-3yet","summary":"Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet\nIn LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results).","references":[{"reference_url":"http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"0.03286","scoring_system":"epss","scoring_elements":"0.87424","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03286","scoring_system":"epss","scoring_elements":"0.87446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03394","scoring_system":"epss","scoring_elements":"0.87647","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03394","scoring_system":"epss","scoring_elements":"0.87646","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7934"},{"reference_url":"https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7934","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7934"},{"reference_url":"https://web.archive.org/web/20200808034429/https://semanticbits.com/liferay-portal-authenticated-xss-disclosure","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200808034429/https://semanticbits.com/liferay-portal-authenticated-xss-disclosure"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49091.txt","reference_id":"CVE-2020-7934","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49091.txt"},{"reference_url":"https://github.com/advisories/GHSA-f99h-h678-fgg4","reference_id":"GHSA-f99h-h678-fgg4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f99h-h678-fgg4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65210?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-g2jp-ueyr-gkav"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-m52g-mrb5-ufcq"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-sn9p-y571-ffej"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-ub82-jbgf-mfb8"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-7934","GHSA-f99h-h678-fgg4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkgz-zx58-3yet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111083?format=json","vulnerability_id":"VCID-vrqa-ggse-wqhn","summary":"Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution\nIn Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13445","reference_id":"","reference_type":"","scores":[{"value":"0.0371","scoring_system":"epss","scoring_elements":"0.88176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0371","scoring_system":"epss","scoring_elements":"0.88199","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0371","scoring_system":"epss","scoring_elements":"0.882","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0371","scoring_system":"epss","scoring_elements":"0.88196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13445"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13445","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13445"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"},{"reference_url":"https://github.com/advisories/GHSA-v377-8f8f-532h","reference_id":"GHSA-v377-8f8f-532h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v377-8f8f-532h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60881?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2020-13445","GHSA-v377-8f8f-532h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrqa-ggse-wqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111196?format=json","vulnerability_id":"VCID-wwhx-5znm-nyea","summary":"Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability\nLiferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15842","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69011","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69002","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68989","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68963","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69005","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15842"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-16963","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-16963"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15842","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15842"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427"},{"reference_url":"https://github.com/advisories/GHSA-mg3r-9jh8-33r9","reference_id":"GHSA-mg3r-9jh8-33r9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg3r-9jh8-33r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65210?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-g2jp-ueyr-gkav"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-m52g-mrb5-ufcq"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-sn9p-y571-ffej"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-ub82-jbgf-mfb8"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.0"}],"aliases":["CVE-2020-15842","GHSA-mg3r-9jh8-33r9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhx-5znm-nyea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111401?format=json","vulnerability_id":"VCID-x7ny-9pvm-77eh","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App\nCross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55074","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55139","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55132","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55112","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5513","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29051"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29051"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"},{"reference_url":"https://github.com/advisories/GHSA-jvvx-8g42-9559","reference_id":"GHSA-jvvx-8g42-9559","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvvx-8g42-9559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150185?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29051","GHSA-jvvx-8g42-9559"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ny-9pvm-77eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47088?format=json","vulnerability_id":"VCID-xuaz-p5q4-8beh","summary":"Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing\nThe Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62601","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62615","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62626","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62617","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25151"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151","reference_id":"CVE-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:59:16Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151","reference_id":"CVE-2024-25151","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25151"},{"reference_url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f","reference_id":"GHSA-hgr6-6hhw-883f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgr6-6hhw-883f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65212?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2024-25151","GHSA-hgr6-6hhw-883f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuaz-p5q4-8beh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110294?format=json","vulnerability_id":"VCID-y8xm-g4zt-b7b5","summary":"Improper Certificate Validation in Liferay Portal\nCertain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31917","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31944","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32017","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31986","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31949","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42131"},{"reference_url":"https://issues.liferay.com/browse/LPE-17377","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://issues.liferay.com/browse/LPE-17377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42131"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:21:43Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131"},{"reference_url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2","reference_id":"GHSA-cx84-43xc-3gm2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cx84-43xc-3gm2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65212?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-bbzr-zx1c-m3ck"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4"}],"aliases":["CVE-2022-42131","GHSA-cx84-43xc-3gm2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8xm-g4zt-b7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47085?format=json","vulnerability_id":"VCID-ydhb-8z5m-v7fb","summary":"Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting\nMultiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26266"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266","reference_id":"CVE-2024-26266","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:43:41Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266","reference_id":"CVE-2024-26266","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26266"},{"reference_url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75","reference_id":"GHSA-rwxc-4cmw-7x75","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwxc-4cmw-7x75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69017?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.14"}],"aliases":["CVE-2024-26266","GHSA-rwxc-4cmw-7x75"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydhb-8z5m-v7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112125?format=json","vulnerability_id":"VCID-yq5x-4eyq-m7ba","summary":"Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs\nOpen redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58217","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58218","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58202","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17022","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627"},{"reference_url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8","reference_id":"GHSA-mj8w-h522-jwm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520089?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1"}],"aliases":["CVE-2021-33331","GHSA-mj8w-h522-jwm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq5x-4eyq-m7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111517?format=json","vulnerability_id":"VCID-yump-6eg9-9yeq","summary":"Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions\nThe Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33333","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5215","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52161","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5212","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52101","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33333"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17032","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17032"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33333","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33333"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747742"},{"reference_url":"https://github.com/advisories/GHSA-g7xc-m762-wg8f","reference_id":"GHSA-g7xc-m762-wg8f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g7xc-m762-wg8f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520090?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33333","GHSA-g7xc-m762-wg8f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yump-6eg9-9yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110338?format=json","vulnerability_id":"VCID-zmf4-acz8-s3a2","summary":"Incorrect Default Permissions in Liferay Portal\nThe Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4078","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40837","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40841","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40811","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42130"},{"reference_url":"https://issues.liferay.com/browse/LPE-17447","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://issues.liferay.com/browse/LPE-17447"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42130"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:26:36Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130"},{"reference_url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw","reference_id":"GHSA-mxvq-cv4x-p3jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxvq-cv4x-p3jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69097?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5"}],"aliases":["CVE-2022-42130","GHSA-mxvq-cv4x-p3jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmf4-acz8-s3a2"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.1"}