Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.layout.admin.web@4.0.59

Type maven

Namespace com.liferay

Name com.liferay.layout.admin.web

Version 4.0.59

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.191

Latest_non_vulnerable_version 5.0.191

Affected_by_vulnerabilities

url VCID-1e2q-bajq-sfga

vulnerability_id VCID-1e2q-bajq-sfga

summary A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43755

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12783
published_at	2026-06-12T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12773
published_at	2026-06-14T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12693
published_at	2026-06-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12792
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43755

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/5db1ab018d71689fc1eaebcbd27c202e9c2b44d9

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5db1ab018d71689fc1eaebcbd27c202e9c2b44d9

reference_url

https://github.com/liferay/liferay-portal/commit/f91c374d28c478db38006f5c2d1802c2ab55d034

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f91c374d28c478db38006f5c2d1802c2ab55d034

reference_url

https://liferay.atlassian.net/browse/LPE-18238

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18238

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43755

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43755

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43755

reference_id

CVE-2025-43755

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T17:21:39Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43755

reference_url

https://github.com/advisories/GHSA-58cq-8wm2-6m87

reference_id

GHSA-58cq-8wm2-6m87

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-58cq-8wm2-6m87

fixed_packages

url	pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.191
purl	pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.191
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.191

aliases CVE-2025-43755, GHSA-58cq-8wm2-6m87

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1e2q-bajq-sfga

url VCID-vk9f-1396-jkcp

vulnerability_id VCID-vk9f-1396-jkcp

summary Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38265

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.39345
published_at	2026-06-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39174
published_at	2026-06-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39358
published_at	2026-06-14T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3937
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38265

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b

reference_url

https://liferay.atlassian.net/browse/LPE-17229

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17229

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-38265

reference_id

CVE-2021-38265

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38265

reference_url

https://github.com/advisories/GHSA-3x83-whxw-pvmg

reference_id

GHSA-3x83-whxw-pvmg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3x83-whxw-pvmg

fixed_packages

url pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.0

purl pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e2q-bajq-sfga

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.admin.web@5.0.0

aliases CVE-2021-38265, GHSA-3x83-whxw-pvmg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9f-1396-jkcp

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.layout.admin.web@4.0.59

Package Instance