Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.frontend.js.web@1.0.1
Typemaven
Namespacecom.liferay
Namecom.liferay.frontend.js.web
Version1.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.125
Latest_non_vulnerable_version5.0.125
Affected_by_vulnerabilities
0
url VCID-1pe7-284c-qkgj
vulnerability_id VCID-1pe7-284c-qkgj
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43758
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.34197
published_at 2026-06-12T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.342
published_at 2026-06-14T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.3402
published_at 2026-06-11T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34221
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43758
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/bf036898c413b6733918f4bfeba59896f1abb34a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/bf036898c413b6733918f4bfeba59896f1abb34a
3
reference_url https://github.com/liferay/liferay-portal/commit/ff4efcb59b6b9acf548d37787b8d4b3d1126fff8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ff4efcb59b6b9acf548d37787b8d4b3d1126fff8
4
reference_url https://liferay.atlassian.net/browse/LPE-18186
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18186
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43758
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43758
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43758
reference_id CVE-2025-43758
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T18:48:54Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43758
7
reference_url https://github.com/advisories/GHSA-mm62-gwj5-j285
reference_id GHSA-mm62-gwj5-j285
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm62-gwj5-j285
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
purl pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
aliases CVE-2025-43758, GHSA-mm62-gwj5-j285
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pe7-284c-qkgj
1
url VCID-h9vv-1cu6-jydx
vulnerability_id VCID-h9vv-1cu6-jydx
summary Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39345
published_at 2026-06-12T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39174
published_at 2026-06-11T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39358
published_at 2026-06-14T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.3937
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
3
reference_url https://liferay.atlassian.net/browse/LPE-17212
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17212
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
reference_id CVE-2021-38267
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
6
reference_url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
reference_id GHSA-r39x-3qq4-gxmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
purl pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pe7-284c-qkgj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
aliases CVE-2021-38267, GHSA-r39x-3qq4-gxmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h9vv-1cu6-jydx
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@1.0.1