{"url":"http://public2.vulnerablecode.io/api/packages/541775?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1","type":"maven","namespace":"com.liferay.portal","name":"release.dxp.bom","version":"7.2.10.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.3u36","latest_non_vulnerable_version":"2025.Q2.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208339?format=json","vulnerability_id":"VCID-6aqp-gny4-5ffp","summary":"Liferay Portal and Liferay DXP fails to check origin of event messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146","reference_id":"CVE-2022-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps","reference_id":"CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps"},{"reference_url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w","reference_id":"GHSA-ghw5-998m-vw4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19581?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4jau-1np8-6fd5"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qfdp-4b77-uqda"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-way6-hfht-aya6"},{"vulnerability":"VCID-wfhk-xspf-7yev"},{"vulnerability":"VCID-xfq5-m4vf-cyaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5"}],"aliases":["CVE-2022-25146","GHSA-ghw5-998m-vw4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aqp-gny4-5ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165421?format=json","vulnerability_id":"VCID-bvbr-288p-xkak","summary":"Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28980","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48281","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28980"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17420","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17420"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28980","reference_id":"CVE-2022-28980","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28980"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters","reference_id":"cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters"},{"reference_url":"https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters","reference_id":"CVE-2022-28980-REFLECTED-XSS-WITH-FILTER_*-PARAMETERS-IN-APPLIED-FRAGMENT-FILTERS","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters"},{"reference_url":"https://github.com/advisories/GHSA-8mp9-w7gr-pvj3","reference_id":"GHSA-8mp9-w7gr-pvj3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mp9-w7gr-pvj3"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/"}],"url":"http://liferay.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27016?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/29239?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4jau-1np8-6fd5"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qfdp-4b77-uqda"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-way6-hfht-aya6"},{"vulnerability":"VCID-wfhk-xspf-7yev"},{"vulnerability":"VCID-xfq5-m4vf-cyaj"},{"vulnerability":"VCID-zc53-8p5g-2kcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1"}],"aliases":["CVE-2022-28980","GHSA-8mp9-w7gr-pvj3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvbr-288p-xkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210414?format=json","vulnerability_id":"VCID-cn4z-f8ej-ruha","summary":"Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29047","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52658","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29047"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29047","reference_id":"CVE-2021-29047","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29047"},{"reference_url":"https://github.com/advisories/GHSA-9mxg-p873-6793","reference_id":"GHSA-9mxg-p873-6793","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9mxg-p873-6793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23359?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1"}],"aliases":["CVE-2021-29047","GHSA-9mxg-p873-6793"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn4z-f8ej-ruha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210412?format=json","vulnerability_id":"VCID-p17t-h88p-zybu","summary":"Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29041","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29041"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17131","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17131"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29041","reference_id":"CVE-2021-29041","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29041"},{"reference_url":"https://github.com/advisories/GHSA-82j7-2h3j-hc7f","reference_id":"GHSA-82j7-2h3j-hc7f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82j7-2h3j-hc7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23359?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1"}],"aliases":["CVE-2021-29041","GHSA-82j7-2h3j-hc7f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p17t-h88p-zybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210419?format=json","vulnerability_id":"VCID-qaj9-m3df-7qbr","summary":"Liferay Portal and Liferay DXP Fails to Check Permissions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29052","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27557","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29052"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29052","reference_id":"CVE-2021-29052","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29052"},{"reference_url":"https://github.com/advisories/GHSA-pr7v-qv65-rp9m","reference_id":"GHSA-pr7v-qv65-rp9m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr7v-qv65-rp9m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23359?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1"}],"aliases":["CVE-2021-29052","GHSA-pr7v-qv65-rp9m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qaj9-m3df-7qbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210423?format=json","vulnerability_id":"VCID-t5h8-q4q5-a3em","summary":"Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29053","reference_id":"","reference_type":"","scores":[{"value":"0.00449","scoring_system":"epss","scoring_elements":"0.64038","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29053"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29053","reference_id":"CVE-2021-29053","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29053"},{"reference_url":"https://github.com/advisories/GHSA-f9wj-c5pc-g9rh","reference_id":"GHSA-f9wj-c5pc-g9rh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9wj-c5pc-g9rh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23359?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1"}],"aliases":["CVE-2021-29053","GHSA-f9wj-c5pc-g9rh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5h8-q4q5-a3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208347?format=json","vulnerability_id":"VCID-vk9f-1396-jkcp","summary":"Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38265","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39174","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38265"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17229","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17229"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38265","reference_id":"CVE-2021-38265","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38265"},{"reference_url":"https://github.com/advisories/GHSA-3x83-whxw-pvmg","reference_id":"GHSA-3x83-whxw-pvmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x83-whxw-pvmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/541054?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ckbc-n5n3-dka6"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hqd6-nkr9-4ffm"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-p17t-h88p-zybu"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10"}],"aliases":["CVE-2021-38265","GHSA-3x83-whxw-pvmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9f-1396-jkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208352?format=json","vulnerability_id":"VCID-vweb-9s62-zucm","summary":"Liferay Portal and Liferay DXP fails to properly import users from LDAP","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38266","reference_id":"","reference_type":"","scores":[{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38266"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736"},{"reference_url":"https://issues.liferay.com/browse/LPE-17191","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17191"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38266","reference_id":"CVE-2021-38266","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38266"},{"reference_url":"https://github.com/advisories/GHSA-jp3m-vh3g-6ggp","reference_id":"GHSA-jp3m-vh3g-6ggp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp3m-vh3g-6ggp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19595?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1"},{"url":"http://public2.vulnerablecode.io/api/packages/541054?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-5gqq-m36a-53b6"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-ank8-p9qa-9udx"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ckbc-n5n3-dka6"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-ed9v-m3q5-6yaq"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-g6wt-vwuh-cua8"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-hqd6-nkr9-4ffm"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqhp-785u-nben"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-p17t-h88p-zybu"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-qztv-899y-sbb8"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-snty-bgwf-33bu"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-tgpb-tps9-wfd5"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-umd8-9ypn-zkdk"},{"vulnerability":"VCID-v9m5-8c56-tuhb"},{"vulnerability":"VCID-way6-hfht-aya6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10"}],"aliases":["CVE-2021-38266","GHSA-jp3m-vh3g-6ggp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vweb-9s62-zucm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356697?format=json","vulnerability_id":"VCID-kpwb-z5k7-bqa8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36604","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42628"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42628"},{"reference_url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal"},{"reference_url":"https://github.com/advisories/GHSA-hv45-r2f5-fmhj","reference_id":"GHSA-hv45-r2f5-fmhj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hv45-r2f5-fmhj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/539006?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-6gyp-c7wt-qfb5"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-bmbd-g58w-z3gy"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ckbc-n5n3-dka6"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-fer2-q3rr-2khd"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p17t-h88p-zybu"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/541767?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-91rc-5gz3-dbcf"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-ckbc-n5n3-dka6"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-g52h-8r1h-dfhe"},{"vulnerability":"VCID-k469-ety8-rqby"},{"vulnerability":"VCID-mqut-n4an-x3cs"},{"vulnerability":"VCID-n634-fspx-judk"},{"vulnerability":"VCID-p17t-h88p-zybu"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/541775?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-bvbr-288p-xkak"},{"vulnerability":"VCID-cn4z-f8ej-ruha"},{"vulnerability":"VCID-p17t-h88p-zybu"},{"vulnerability":"VCID-qaj9-m3df-7qbr"},{"vulnerability":"VCID-t5h8-q4q5-a3em"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29237?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-bvbr-288p-xkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34"},{"url":"http://public2.vulnerablecode.io/api/packages/372312?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-huvy-gpy3-v3dp"},{"vulnerability":"VCID-n512-h3fa-xbh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88"}],"aliases":["CVE-2023-42628","GHSA-hv45-r2f5-fmhj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpwb-z5k7-bqa8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1"}