{"url":"http://public2.vulnerablecode.io/api/packages/541794?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u18","type":"maven","namespace":"com.liferay.portal","name":"release.dxp.bom","version":"7.3.10.u18","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.4u93","latest_non_vulnerable_version":"2025.Q2.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208339?format=json","vulnerability_id":"VCID-6aqp-gny4-5ffp","summary":"Liferay Portal and Liferay DXP fails to check origin of event messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146","reference_id":"CVE-2022-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps","reference_id":"CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps"},{"reference_url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w","reference_id":"GHSA-ghw5-998m-vw4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19581?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4jau-1np8-6fd5"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qfdp-4b77-uqda"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-way6-hfht-aya6"},{"vulnerability":"VCID-wfhk-xspf-7yev"},{"vulnerability":"VCID-xfq5-m4vf-cyaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5"}],"aliases":["CVE-2022-25146","GHSA-ghw5-998m-vw4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aqp-gny4-5ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165421?format=json","vulnerability_id":"VCID-bvbr-288p-xkak","summary":"Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28980","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48281","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28980"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17420","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17420"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28980","reference_id":"CVE-2022-28980","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28980"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters","reference_id":"cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters"},{"reference_url":"https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters","reference_id":"CVE-2022-28980-REFLECTED-XSS-WITH-FILTER_*-PARAMETERS-IN-APPLIED-FRAGMENT-FILTERS","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters"},{"reference_url":"https://github.com/advisories/GHSA-8mp9-w7gr-pvj3","reference_id":"GHSA-8mp9-w7gr-pvj3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mp9-w7gr-pvj3"},{"reference_url":"http://liferay.com","reference_id":"liferay.com","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/"}],"url":"http://liferay.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27016?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/29239?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48hp-m4m8-cqge"},{"vulnerability":"VCID-4jau-1np8-6fd5"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-72my-1zwg-a7hx"},{"vulnerability":"VCID-8uqz-bc88-ybcc"},{"vulnerability":"VCID-9u32-4n1x-77ce"},{"vulnerability":"VCID-a62g-s5j4-73fr"},{"vulnerability":"VCID-evf7-f2j5-rqhr"},{"vulnerability":"VCID-j1vh-25uj-ukga"},{"vulnerability":"VCID-kpwb-z5k7-bqa8"},{"vulnerability":"VCID-kqsk-3dby-s3dh"},{"vulnerability":"VCID-n512-h3fa-xbh7"},{"vulnerability":"VCID-qfdp-4b77-uqda"},{"vulnerability":"VCID-uxjd-h6fd-sbgf"},{"vulnerability":"VCID-way6-hfht-aya6"},{"vulnerability":"VCID-wfhk-xspf-7yev"},{"vulnerability":"VCID-xfq5-m4vf-cyaj"},{"vulnerability":"VCID-zc53-8p5g-2kcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1"}],"aliases":["CVE-2022-28980","GHSA-8mp9-w7gr-pvj3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvbr-288p-xkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356697?format=json","vulnerability_id":"VCID-kpwb-z5k7-bqa8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36604","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42628"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42628","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42628"},{"reference_url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal"},{"reference_url":"https://github.com/advisories/GHSA-hv45-r2f5-fmhj","reference_id":"GHSA-hv45-r2f5-fmhj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hv45-r2f5-fmhj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29237?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-bvbr-288p-xkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34"},{"url":"http://public2.vulnerablecode.io/api/packages/372312?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-huvy-gpy3-v3dp"},{"vulnerability":"VCID-n512-h3fa-xbh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88"}],"aliases":["CVE-2023-42628","GHSA-hv45-r2f5-fmhj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpwb-z5k7-bqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135372?format=json","vulnerability_id":"VCID-n512-h3fa-xbh7","summary":"Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42627","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42627"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42627","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42627"},{"reference_url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627","reference_id":"cve-2023-42627","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T19:36:13Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627"},{"reference_url":"https://github.com/advisories/GHSA-qp68-5v39-r869","reference_id":"GHSA-qp68-5v39-r869","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qp68-5v39-r869"},{"reference_url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/","reference_id":"stored-cross-site-scripting-vulnerabilities-in-liferay-portal","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T19:36:13Z/"}],"url":"https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/660080?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u93"},{"url":"http://public2.vulnerablecode.io/api/packages/29237?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-bvbr-288p-xkak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34"}],"aliases":["CVE-2023-42627","GHSA-qp68-5v39-r869"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n512-h3fa-xbh7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u18"}