Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp95-2
Typemaven
Namespacecom.liferay.portal
Namerelease.dxp.bom
Version7.0.10.fp95-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.4.13.u93
Latest_non_vulnerable_version7.4.13.u93
Affected_by_vulnerabilities
0
url VCID-17tm-rzgk-qfas
vulnerability_id VCID-17tm-rzgk-qfas
summary 
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33328
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.34942
published_at 2026-06-04T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35052
published_at 2026-06-06T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35038
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33328
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17100
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17100
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33328
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33328
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972
5
reference_url https://github.com/advisories/GHSA-vpvm-3wfw-5f5c
reference_id GHSA-vpvm-3wfw-5f5c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpvm-3wfw-5f5c
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33328, GHSA-vpvm-3wfw-5f5c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17tm-rzgk-qfas
1
url VCID-1fqz-psdf-g7dm
vulnerability_id VCID-1fqz-psdf-g7dm
summary 
Liferay Portal and Liferay DXP User Enumeration Vulnerability
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54034
published_at 2026-06-06T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54027
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
3
reference_url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
6
reference_url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
reference_id GHSA-qm43-g2xj-hvg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebmm-3qj1-8uec
3
vulnerability VCID-ebzh-bpks-5qe2
4
vulnerability VCID-euw1-6mk1-n3he
5
vulnerability VCID-fxtu-zgpf-cbhs
6
vulnerability VCID-p4nc-ucxy-sydb
7
vulnerability VCID-rtqu-78p2-buej
8
vulnerability VCID-vsg8-h11j-63ge
9
vulnerability VCID-xe2v-j69t-d3h3
10
vulnerability VCID-xu7c-vz69-duhp
11
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebzh-bpks-5qe2
3
vulnerability VCID-euw1-6mk1-n3he
4
vulnerability VCID-rtqu-78p2-buej
5
vulnerability VCID-tqvb-a46r-jbf8
6
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-42k1-vb9z-3qe7
2
vulnerability VCID-9hvg-h2ra-nbcc
3
vulnerability VCID-c3ym-wtv5-hfhr
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-d8m3-apv8-zfe1
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebzh-bpks-5qe2
8
vulnerability VCID-gkn8-ehfa-3ugx
9
vulnerability VCID-nntr-5xwu-tya3
10
vulnerability VCID-tqvb-a46r-jbf8
11
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fqz-psdf-g7dm
2
url VCID-1h16-mptk-gke7
vulnerability_id VCID-1h16-mptk-gke7
summary 
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29043
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42502
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42586
published_at 2026-06-06T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42575
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29043
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29043
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29043
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
5
reference_url https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515
6
reference_url https://github.com/advisories/GHSA-xx2h-2hf5-v7vv
reference_id GHSA-xx2h-2hf5-v7vv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx2h-2hf5-v7vv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29043, GHSA-xx2h-2hf5-v7vv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h16-mptk-gke7
3
url VCID-266t-4gfq-duh4
vulnerability_id VCID-266t-4gfq-duh4
summary 
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3847
published_at 2026-06-06T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38467
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
3
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
4
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
5
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
6
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
7
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
10
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4585-28v2-8h46
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25150, GHSA-4585-28v2-8h46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-266t-4gfq-duh4
4
url VCID-6yj4-11z6-pfhx
vulnerability_id VCID-6yj4-11z6-pfhx
summary 
Liferay Portal and Liferay DXP Don't Check Permissions of Pages
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.30682
published_at 2026-06-04T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.30721
published_at 2026-06-06T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.30755
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17001
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
5
reference_url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
6
reference_url https://github.com/advisories/GHSA-474f-cmx5-gm69
reference_id GHSA-474f-cmx5-gm69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-474f-cmx5-gm69
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33324, GHSA-474f-cmx5-gm69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yj4-11z6-pfhx
5
url VCID-7f43-u96s-qyeq
vulnerability_id VCID-7f43-u96s-qyeq
summary 
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.65127
published_at 2026-06-04T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.6518
published_at 2026-06-06T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.65169
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
5
reference_url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
6
reference_url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
reference_id GHSA-4fx8-82f3-xcpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-b7h9-cxkj-hkc8
12
vulnerability VCID-cj4m-mvzh-ckh4
13
vulnerability VCID-e5c7-wsvb-dyfm
14
vulnerability VCID-e5h2-wvws-3yhq
15
vulnerability VCID-ebmm-3qj1-8uec
16
vulnerability VCID-ebzh-bpks-5qe2
17
vulnerability VCID-euw1-6mk1-n3he
18
vulnerability VCID-f9dw-g5c2-jba1
19
vulnerability VCID-fxtu-zgpf-cbhs
20
vulnerability VCID-ggs5-4zac-vqa7
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-h261-uqtv-yfek
23
vulnerability VCID-hrnu-4t2j-9qba
24
vulnerability VCID-hw1d-gdcv-vkec
25
vulnerability VCID-jkje-ckr9-6ffp
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-menx-yu2z-xkeh
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-rtqu-78p2-buej
32
vulnerability VCID-uug8-ap5n-r3g2
33
vulnerability VCID-vsg8-h11j-63ge
34
vulnerability VCID-xe2v-j69t-d3h3
35
vulnerability VCID-xu7c-vz69-duhp
36
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29048, GHSA-4fx8-82f3-xcpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f43-u96s-qyeq
6
url VCID-84qe-1wws-v3g6
vulnerability_id VCID-84qe-1wws-v3g6
summary 
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
In implementation for the portal services before 5.7.3 in Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33322
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45117
published_at 2026-06-06T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45113
published_at 2026-06-05T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.45044
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33322
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/8f072ee8527a1dd5c0ffa91c4a78641d0e666b95
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8f072ee8527a1dd5c0ffa91c4a78641d0e666b95
3
reference_url https://github.com/liferay/liferay-portal/commit/9fe453b34f58286a504d995be8ba50499adcf1b7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9fe453b34f58286a504d995be8ba50499adcf1b7
4
reference_url https://liferay.atlassian.net/browse/LPE-16981
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-16981
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33322-password-change-does-not-invalidate-password-reset-tokens?p_r_p_assetEntryId=121610648&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610648%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33322-password-change-does-not-invalidate-password-reset-tokens?p_r_p_assetEntryId=121610648&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610648%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33322
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33322
7
reference_url https://github.com/advisories/GHSA-vwj8-4grf-3r8v
reference_id GHSA-vwj8-4grf-3r8v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwj8-4grf-3r8v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33322, GHSA-vwj8-4grf-3r8v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84qe-1wws-v3g6
7
url VCID-8jv6-163j-a7b2
vulnerability_id VCID-8jv6-163j-a7b2
summary 
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49533
published_at 2026-06-06T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
5
reference_url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
reference_id GHSA-qpgh-6v9w-vfv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-9yw4-52sc-rbbz
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-fxtu-zgpf-cbhs
16
vulnerability VCID-ggs5-4zac-vqa7
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-h261-uqtv-yfek
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-menx-yu2z-xkeh
21
vulnerability VCID-n6qs-hded-rydp
22
vulnerability VCID-p4nc-ucxy-sydb
23
vulnerability VCID-p9am-1rhf-6bh2
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-vsg8-h11j-63ge
26
vulnerability VCID-xe2v-j69t-d3h3
27
vulnerability VCID-xu7c-vz69-duhp
28
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2024-25149, GHSA-qpgh-6v9w-vfv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jv6-163j-a7b2
8
url VCID-9471-umbz-pucy
vulnerability_id VCID-9471-umbz-pucy
summary 
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40266
published_at 2026-06-06T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40263
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
3
reference_url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
6
reference_url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
reference_id GHSA-mf8h-grfg-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2024-25605, GHSA-mf8h-grfg-j9j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9471-umbz-pucy
9
url VCID-a7z8-2fzy-2qee
vulnerability_id VCID-a7z8-2fzy-2qee
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35713
published_at 2026-06-06T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35702
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
4
reference_url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
reference_id GHSA-9vgq-w5pv-v77q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
aliases CVE-2024-25145, GHSA-9vgq-w5pv-v77q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7z8-2fzy-2qee
10
url VCID-a93n-jcyj-s7cb
vulnerability_id VCID-a93n-jcyj-s7cb
summary 
Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29049
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51427
published_at 2026-06-04T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51494
published_at 2026-06-06T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51488
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29049
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://issues.liferay.com/browse/LPE-17211
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17211
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29049
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29049
5
reference_url https://github.com/advisories/GHSA-w28v-87g6-cjr6
reference_id GHSA-w28v-87g6-cjr6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w28v-87g6-cjr6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp99
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp100
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-afe9-yqy2-8bdb
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebmm-3qj1-8uec
11
vulnerability VCID-euw1-6mk1-n3he
12
vulnerability VCID-fxtu-zgpf-cbhs
13
vulnerability VCID-jkje-ckr9-6ffp
14
vulnerability VCID-k6d6-hyep-pbac
15
vulnerability VCID-k9yt-aj7x-3bht
16
vulnerability VCID-n6qs-hded-rydp
17
vulnerability VCID-p4nc-ucxy-sydb
18
vulnerability VCID-rtqu-78p2-buej
19
vulnerability VCID-vsg8-h11j-63ge
20
vulnerability VCID-x7ny-9pvm-77eh
21
vulnerability VCID-xe2v-j69t-d3h3
22
vulnerability VCID-xu7c-vz69-duhp
23
vulnerability VCID-zc36-wq6m-4bbn
24
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp100
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp23
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-afe9-yqy2-8bdb
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-f9dw-g5c2-jba1
14
vulnerability VCID-fxtu-zgpf-cbhs
15
vulnerability VCID-gp4p-wthk-k3hf
16
vulnerability VCID-jkje-ckr9-6ffp
17
vulnerability VCID-k9yt-aj7x-3bht
18
vulnerability VCID-n6qs-hded-rydp
19
vulnerability VCID-p4nc-ucxy-sydb
20
vulnerability VCID-rtqu-78p2-buej
21
vulnerability VCID-vsg8-h11j-63ge
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp24
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-b7h9-cxkj-hkc8
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ebzh-bpks-5qe2
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-f9dw-g5c2-jba1
18
vulnerability VCID-fxtu-zgpf-cbhs
19
vulnerability VCID-ggs5-4zac-vqa7
20
vulnerability VCID-gp4p-wthk-k3hf
21
vulnerability VCID-h261-uqtv-yfek
22
vulnerability VCID-hrnu-4t2j-9qba
23
vulnerability VCID-hw1d-gdcv-vkec
24
vulnerability VCID-jkje-ckr9-6ffp
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-n6qs-hded-rydp
28
vulnerability VCID-p4nc-ucxy-sydb
29
vulnerability VCID-p9am-1rhf-6bh2
30
vulnerability VCID-rtqu-78p2-buej
31
vulnerability VCID-uug8-ap5n-r3g2
32
vulnerability VCID-vsg8-h11j-63ge
33
vulnerability VCID-xe2v-j69t-d3h3
34
vulnerability VCID-xu7c-vz69-duhp
35
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp12
5
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29049, GHSA-w28v-87g6-cjr6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a93n-jcyj-s7cb
11
url VCID-afe9-yqy2-8bdb
vulnerability_id VCID-afe9-yqy2-8bdb
summary 
Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66823
published_at 2026-06-06T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66775
published_at 2026-06-04T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66815
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28977
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/242e8bcabe3e8767799d3d1e6c021a75b4ada11b
4
reference_url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6389885476414d3cd9e3092b4708906a5bdc8a48
5
reference_url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8aa3fd76f34d1a4562bd5b4f82931a0a124e31a8
6
reference_url https://liferay.atlassian.net/browse/LPE-17327
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17327
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28977?p_r_p_assetEntryId=121612261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612261%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28977
9
reference_url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922060039/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
10
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_id cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:00:44Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash
11
reference_url https://github.com/advisories/GHSA-w397-9p2j-6x23
reference_id GHSA-w397-9p2j-6x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w397-9p2j-6x23
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-jkje-ckr9-6ffp
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-n6qs-hded-rydp
15
vulnerability VCID-p4nc-ucxy-sydb
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-x7ny-9pvm-77eh
19
vulnerability VCID-xe2v-j69t-d3h3
20
vulnerability VCID-xu7c-vz69-duhp
21
vulnerability VCID-zc36-wq6m-4bbn
22
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebmm-3qj1-8uec
11
vulnerability VCID-euw1-6mk1-n3he
12
vulnerability VCID-f9dw-g5c2-jba1
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-gp4p-wthk-k3hf
15
vulnerability VCID-jkje-ckr9-6ffp
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-xe2v-j69t-d3h3
22
vulnerability VCID-xu7c-vz69-duhp
23
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp25
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-ggs5-4zac-vqa7
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-h261-uqtv-yfek
20
vulnerability VCID-hrnu-4t2j-9qba
21
vulnerability VCID-hw1d-gdcv-vkec
22
vulnerability VCID-jkje-ckr9-6ffp
23
vulnerability VCID-k9yt-aj7x-3bht
24
vulnerability VCID-menx-yu2z-xkeh
25
vulnerability VCID-n6qs-hded-rydp
26
vulnerability VCID-p4nc-ucxy-sydb
27
vulnerability VCID-p9am-1rhf-6bh2
28
vulnerability VCID-rtqu-78p2-buej
29
vulnerability VCID-vsg8-h11j-63ge
30
vulnerability VCID-xe2v-j69t-d3h3
31
vulnerability VCID-xu7c-vz69-duhp
32
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp14
aliases CVE-2022-28977, GHSA-w397-9p2j-6x23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afe9-yqy2-8bdb
12
url VCID-e5c7-wsvb-dyfm
vulnerability_id VCID-e5c7-wsvb-dyfm
summary 
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45205
published_at 2026-06-06T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45202
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
3
reference_url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
4
reference_url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
7
reference_url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
reference_id GHSA-2mvj-q2q3-wxjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5h2-wvws-3yhq
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-ef5k-bdxm-xfer
6
vulnerability VCID-euw1-6mk1-n3he
7
vulnerability VCID-ggs5-4zac-vqa7
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-tqvb-a46r-jbf8
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-c3ym-wtv5-hfhr
5
vulnerability VCID-cj4m-mvzh-ckh4
6
vulnerability VCID-d8m3-apv8-zfe1
7
vulnerability VCID-e5h2-wvws-3yhq
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-ggs5-4zac-vqa7
10
vulnerability VCID-gkn8-ehfa-3ugx
11
vulnerability VCID-nntr-5xwu-tya3
12
vulnerability VCID-tqvb-a46r-jbf8
13
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5c7-wsvb-dyfm
13
url VCID-e5h2-wvws-3yhq
vulnerability_id VCID-e5h2-wvws-3yhq
summary 
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38795
published_at 2026-06-05T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38799
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-euw1-6mk1-n3he
3
vulnerability VCID-rtqu-78p2-buej
4
vulnerability VCID-tqvb-a46r-jbf8
5
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-ezpm-x3vx-zfe6
3
vulnerability VCID-tqvb-a46r-jbf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5h2-wvws-3yhq
14
url VCID-ebmm-3qj1-8uec
vulnerability_id VCID-ebmm-3qj1-8uec
summary 
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52541
published_at 2026-06-04T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52609
published_at 2026-06-06T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52601
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
4
reference_url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
5
reference_url https://github.com/advisories/GHSA-9mxg-p873-6793
reference_id GHSA-9mxg-p873-6793
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mxg-p873-6793
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29047, GHSA-9mxg-p873-6793
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebmm-3qj1-8uec
15
url VCID-euw1-6mk1-n3he
vulnerability_id VCID-euw1-6mk1-n3he
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Fragment Renderer Collection Filter Implementation before v1.0.11 from Liferay Portal (v7.4.3.4) and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48255
published_at 2026-06-06T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48188
published_at 2026-06-04T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48251
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
4
reference_url https://liferay.atlassian.net/browse/LPE-17420
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17420
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
7
reference_url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_id cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
9
reference_url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
reference_id GHSA-8mp9-w7gr-pvj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-9yw4-52sc-rbbz
5
vulnerability VCID-c3ym-wtv5-hfhr
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-d8m3-apv8-zfe1
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ef5k-bdxm-xfer
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-gkn8-ehfa-3ugx
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-menx-yu2z-xkeh
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-tqvb-a46r-jbf8
17
vulnerability VCID-uu3m-ef36-jqg7
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xn1n-5rgc-83bg
20
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
aliases CVE-2022-28980, GHSA-8mp9-w7gr-pvj3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euw1-6mk1-n3he
16
url VCID-fxtu-zgpf-cbhs
vulnerability_id VCID-fxtu-zgpf-cbhs
summary 
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.6393
published_at 2026-06-04T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.6398
published_at 2026-06-06T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63972
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
4
reference_url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
5
reference_url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
reference_id GHSA-f9wj-c5pc-g9rh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29053, GHSA-f9wj-c5pc-g9rh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxtu-zgpf-cbhs
17
url VCID-gz3a-m337-s7dn
vulnerability_id VCID-gz3a-m337-s7dn
summary 
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29044
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.65127
published_at 2026-06-04T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.6518
published_at 2026-06-06T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.65169
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29044
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29044
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29044
4
reference_url https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548
5
reference_url https://github.com/advisories/GHSA-wcr5-3q96-c2gr
reference_id GHSA-wcr5-3q96-c2gr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wcr5-3q96-c2gr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29044, GHSA-wcr5-3q96-c2gr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gz3a-m337-s7dn
18
url VCID-jarq-qchk-nkc1
vulnerability_id VCID-jarq-qchk-nkc1
summary 
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module
Cross-site scripting (XSS) vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33326
reference_id
reference_type
scores
0
value 0.00418
scoring_system epss
scoring_elements 0.62127
published_at 2026-06-04T12:55:00Z
1
value 0.00418
scoring_system epss
scoring_elements 0.62184
published_at 2026-06-06T12:55:00Z
2
value 0.00418
scoring_system epss
scoring_elements 0.62176
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33326
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/eb0590cea2d899f9e95bdb2e767466b8444aa573
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eb0590cea2d899f9e95bdb2e767466b8444aa573
3
reference_url https://issues.liferay.com/browse/LPE-17093
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17093
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33326-xss-with-the-title-of-a-modal-window?p_r_p_assetEntryId=121610771&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610771%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33326-xss-with-the-title-of-a-modal-window?p_r_p_assetEntryId=121610771&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121610771%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33326
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33326
6
reference_url https://github.com/advisories/GHSA-hgjv-7wjr-qwqp
reference_id GHSA-hgjv-7wjr-qwqp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgjv-7wjr-qwqp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-5vyh-n1sc-sydy
5
vulnerability VCID-7f43-u96s-qyeq
6
vulnerability VCID-7gqd-78yq-r3be
7
vulnerability VCID-7zhe-ztqw-gkhh
8
vulnerability VCID-8jv6-163j-a7b2
9
vulnerability VCID-9471-umbz-pucy
10
vulnerability VCID-a7z8-2fzy-2qee
11
vulnerability VCID-a93n-jcyj-s7cb
12
vulnerability VCID-afe9-yqy2-8bdb
13
vulnerability VCID-b7h9-cxkj-hkc8
14
vulnerability VCID-cj4m-mvzh-ckh4
15
vulnerability VCID-e5c7-wsvb-dyfm
16
vulnerability VCID-e5h2-wvws-3yhq
17
vulnerability VCID-eaks-bevz-uuc8
18
vulnerability VCID-ebmm-3qj1-8uec
19
vulnerability VCID-ebzh-bpks-5qe2
20
vulnerability VCID-euw1-6mk1-n3he
21
vulnerability VCID-f9dw-g5c2-jba1
22
vulnerability VCID-fxtu-zgpf-cbhs
23
vulnerability VCID-ggs5-4zac-vqa7
24
vulnerability VCID-gp4p-wthk-k3hf
25
vulnerability VCID-gz3a-m337-s7dn
26
vulnerability VCID-h261-uqtv-yfek
27
vulnerability VCID-hrnu-4t2j-9qba
28
vulnerability VCID-hw1d-gdcv-vkec
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-k6d6-hyep-pbac
31
vulnerability VCID-k9yt-aj7x-3bht
32
vulnerability VCID-menx-yu2z-xkeh
33
vulnerability VCID-n6qs-hded-rydp
34
vulnerability VCID-p4nc-ucxy-sydb
35
vulnerability VCID-p9am-1rhf-6bh2
36
vulnerability VCID-qar1-pfr5-ekfm
37
vulnerability VCID-rtqu-78p2-buej
38
vulnerability VCID-uug8-ap5n-r3g2
39
vulnerability VCID-vsg8-h11j-63ge
40
vulnerability VCID-x7ny-9pvm-77eh
41
vulnerability VCID-xe2v-j69t-d3h3
42
vulnerability VCID-xu7c-vz69-duhp
43
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp9
aliases CVE-2021-33326, GHSA-hgjv-7wjr-qwqp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jarq-qchk-nkc1
19
url VCID-jkje-ckr9-6ffp
vulnerability_id VCID-jkje-ckr9-6ffp
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal (7.0.1 through 7.4.1), and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30485
published_at 2026-06-06T12:55:00Z
1
value 0.0012
scoring_system epss
scoring_elements 0.30446
published_at 2026-06-04T12:55:00Z
2
value 0.0012
scoring_system epss
scoring_elements 0.30518
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28978
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ffdc9d1f8abf484598afdc51671a30533740c16d
4
reference_url https://liferay.atlassian.net/browse/LPE-17332
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17332
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership?p_r_p_assetEntryId=121612301&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612301%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28978
7
reference_url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220922015759/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_id cve-2022-28978-stored-xss-with-user-name-in-site-membership
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T18:52:15Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership
9
reference_url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
reference_id GHSA-7m65-hmvg-rxpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m65-hmvg-rxpc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k1u8-ur3y-zucd
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-n6qs-hded-rydp
15
vulnerability VCID-p4nc-ucxy-sydb
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-x7ny-9pvm-77eh
19
vulnerability VCID-xe2v-j69t-d3h3
20
vulnerability VCID-xu7c-vz69-duhp
21
vulnerability VCID-zc36-wq6m-4bbn
22
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp102
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebmm-3qj1-8uec
11
vulnerability VCID-euw1-6mk1-n3he
12
vulnerability VCID-f9dw-g5c2-jba1
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-gp4p-wthk-k3hf
15
vulnerability VCID-k9yt-aj7x-3bht
16
vulnerability VCID-n6qs-hded-rydp
17
vulnerability VCID-p4nc-ucxy-sydb
18
vulnerability VCID-rtqu-78p2-buej
19
vulnerability VCID-vsg8-h11j-63ge
20
vulnerability VCID-xe2v-j69t-d3h3
21
vulnerability VCID-xu7c-vz69-duhp
22
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp26
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-9yw4-52sc-rbbz
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-fxtu-zgpf-cbhs
16
vulnerability VCID-ggs5-4zac-vqa7
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-h261-uqtv-yfek
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-menx-yu2z-xkeh
21
vulnerability VCID-n6qs-hded-rydp
22
vulnerability VCID-p4nc-ucxy-sydb
23
vulnerability VCID-p9am-1rhf-6bh2
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-vsg8-h11j-63ge
26
vulnerability VCID-xe2v-j69t-d3h3
27
vulnerability VCID-xu7c-vz69-duhp
28
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2022-28978, GHSA-7m65-hmvg-rxpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkje-ckr9-6ffp
20
url VCID-k6d6-hyep-pbac
vulnerability_id VCID-k6d6-hyep-pbac
summary 
Liferay Portal and Liferay DXP has incorrect default permissions for site members
The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30425
published_at 2026-06-04T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30465
published_at 2026-06-06T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30498
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
3
reference_url https://liferay.atlassian.net/browse/LPE-17150
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17150
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
reference_id CVE-2021-38268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
6
reference_url https://github.com/advisories/GHSA-f855-2rvm-5j7h
reference_id GHSA-f855-2rvm-5j7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f855-2rvm-5j7h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-jkje-ckr9-6ffp
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-n6qs-hded-rydp
15
vulnerability VCID-p4nc-ucxy-sydb
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-x7ny-9pvm-77eh
19
vulnerability VCID-xe2v-j69t-d3h3
20
vulnerability VCID-xu7c-vz69-duhp
21
vulnerability VCID-zc36-wq6m-4bbn
22
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-a7z8-2fzy-2qee
5
vulnerability VCID-b7h9-cxkj-hkc8
6
vulnerability VCID-c3ym-wtv5-hfhr
7
vulnerability VCID-cj4m-mvzh-ckh4
8
vulnerability VCID-cxnv-25bg-rubj
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebzh-bpks-5qe2
12
vulnerability VCID-ef5k-bdxm-xfer
13
vulnerability VCID-euw1-6mk1-n3he
14
vulnerability VCID-ggs5-4zac-vqa7
15
vulnerability VCID-h261-uqtv-yfek
16
vulnerability VCID-hrnu-4t2j-9qba
17
vulnerability VCID-hw1d-gdcv-vkec
18
vulnerability VCID-j127-h1mf-nqam
19
vulnerability VCID-k7yh-fkj8-t3fx
20
vulnerability VCID-k9yt-aj7x-3bht
21
vulnerability VCID-menx-yu2z-xkeh
22
vulnerability VCID-p9am-1rhf-6bh2
23
vulnerability VCID-q7bs-639b-pken
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-tqvb-a46r-jbf8
26
vulnerability VCID-uu3m-ef36-jqg7
27
vulnerability VCID-xa5h-2khm-efgj
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
aliases CVE-2021-38268, GHSA-f855-2rvm-5j7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d6-hyep-pbac
21
url VCID-k9yt-aj7x-3bht
vulnerability_id VCID-k9yt-aj7x-3bht
summary 
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
reference_id
reference_type
scores
0
value 0.1765
scoring_system epss
scoring_elements 0.95236
published_at 2026-06-06T12:55:00Z
1
value 0.1765
scoring_system epss
scoring_elements 0.95235
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
3
reference_url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
6
reference_url https://github.com/advisories/GHSA-548x-j6x6-hcv4
reference_id GHSA-548x-j6x6-hcv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-548x-j6x6-hcv4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-c3ym-wtv5-hfhr
5
vulnerability VCID-cj4m-mvzh-ckh4
6
vulnerability VCID-d8m3-apv8-zfe1
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebzh-bpks-5qe2
10
vulnerability VCID-ggs5-4zac-vqa7
11
vulnerability VCID-gkn8-ehfa-3ugx
12
vulnerability VCID-menx-yu2z-xkeh
13
vulnerability VCID-nntr-5xwu-tya3
14
vulnerability VCID-tqvb-a46r-jbf8
15
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9yt-aj7x-3bht
22
url VCID-n6qs-hded-rydp
vulnerability_id VCID-n6qs-hded-rydp
summary 
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers
In Liferay Impl before 5.18.4, Liferay Users Admin Web before 5.0.33, Liferay Login Web before 5.0.18, and Liferay Commerce Account Web before 3.0.7 from Liferay Portal (7.2.0 through 7.3.5), and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26344
published_at 2026-06-06T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26352
published_at 2026-06-05T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:45:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
5
reference_url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
reference_id GHSA-mwhf-6mjm-6w3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29038, GHSA-mwhf-6mjm-6w3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6qs-hded-rydp
23
url VCID-p4nc-ucxy-sydb
vulnerability_id VCID-p4nc-ucxy-sydb
summary 
Liferay Portal and Liferay DXP Fails to Check Permissions
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27592
published_at 2026-06-04T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27609
published_at 2026-06-06T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27659
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
5
reference_url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
reference_id GHSA-pr7v-qv65-rp9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29052, GHSA-pr7v-qv65-rp9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4nc-ucxy-sydb
24
url VCID-qar1-pfr5-ekfm
vulnerability_id VCID-qar1-pfr5-ekfm
summary 
Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29040
reference_id
reference_type
scores
0
value 0.00402
scoring_system epss
scoring_elements 0.61152
published_at 2026-06-04T12:55:00Z
1
value 0.00402
scoring_system epss
scoring_elements 0.61209
published_at 2026-06-06T12:55:00Z
2
value 0.00402
scoring_system epss
scoring_elements 0.61201
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29040
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29040
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29040
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
5
reference_url https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222656/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429
6
reference_url https://github.com/advisories/GHSA-87x7-pwrx-jch7
reference_id GHSA-87x7-pwrx-jch7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87x7-pwrx-jch7
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
aliases CVE-2021-29040, GHSA-87x7-pwrx-jch7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qar1-pfr5-ekfm
25
url VCID-rtqu-78p2-buej
vulnerability_id VCID-rtqu-78p2-buej
summary 
Liferay Portal and Liferay DXP fails to check origin of event messages
The Remote App module before 2.0.21 from Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33849
published_at 2026-06-06T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33833
published_at 2026-06-05T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.33727
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
reference_id CVE-2022-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
reference_id CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
7
reference_url https://github.com/advisories/GHSA-ghw5-998m-vw4w
reference_id GHSA-ghw5-998m-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghw5-998m-vw4w
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-9yw4-52sc-rbbz
5
vulnerability VCID-c3ym-wtv5-hfhr
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-d8m3-apv8-zfe1
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebzh-bpks-5qe2
11
vulnerability VCID-ef5k-bdxm-xfer
12
vulnerability VCID-ggs5-4zac-vqa7
13
vulnerability VCID-gkn8-ehfa-3ugx
14
vulnerability VCID-k9yt-aj7x-3bht
15
vulnerability VCID-menx-yu2z-xkeh
16
vulnerability VCID-tqvb-a46r-jbf8
17
vulnerability VCID-uu3m-ef36-jqg7
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
aliases CVE-2022-25146, GHSA-ghw5-998m-vw4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rtqu-78p2-buej
26
url VCID-vsg8-h11j-63ge
vulnerability_id VCID-vsg8-h11j-63ge
summary 
Liferay Portal and Liferay DXP fails to properly import users from LDAP
Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.83353
published_at 2026-06-04T12:55:00Z
1
value 0.01851
scoring_system epss
scoring_elements 0.83379
published_at 2026-06-06T12:55:00Z
2
value 0.01851
scoring_system epss
scoring_elements 0.83377
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
3
reference_url https://issues.liferay.com/browse/LPE-17191
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17191
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
reference_id CVE-2021-38266
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
6
reference_url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
reference_id GHSA-jp3m-vh3g-6ggp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-b7h9-cxkj-hkc8
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-cxnv-25bg-rubj
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ef5k-bdxm-xfer
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-ggs5-4zac-vqa7
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-h261-uqtv-yfek
21
vulnerability VCID-hrnu-4t2j-9qba
22
vulnerability VCID-hw1d-gdcv-vkec
23
vulnerability VCID-k6d6-hyep-pbac
24
vulnerability VCID-k7yh-fkj8-t3fx
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-mph8-zzjv-67av
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-q7bs-639b-pken
32
vulnerability VCID-rtqu-78p2-buej
33
vulnerability VCID-tqvb-a46r-jbf8
34
vulnerability VCID-uu3m-ef36-jqg7
35
vulnerability VCID-uug8-ap5n-r3g2
36
vulnerability VCID-x7ny-9pvm-77eh
37
vulnerability VCID-xa5h-2khm-efgj
38
vulnerability VCID-xe2v-j69t-d3h3
39
vulnerability VCID-xwgk-d28b-rbgz
40
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38266, GHSA-jp3m-vh3g-6ggp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsg8-h11j-63ge
27
url VCID-x13m-kscr-nkbf
vulnerability_id VCID-x13m-kscr-nkbf
summary 
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
The Flags module before version 5.0.11 in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60502
published_at 2026-06-04T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60556
published_at 2026-06-06T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.6055
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17007
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
5
reference_url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
reference_id GHSA-wg4x-hf94-fj5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp96
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-a93n-jcyj-s7cb
8
vulnerability VCID-afe9-yqy2-8bdb
9
vulnerability VCID-e5c7-wsvb-dyfm
10
vulnerability VCID-e5h2-wvws-3yhq
11
vulnerability VCID-ebmm-3qj1-8uec
12
vulnerability VCID-euw1-6mk1-n3he
13
vulnerability VCID-fxtu-zgpf-cbhs
14
vulnerability VCID-jkje-ckr9-6ffp
15
vulnerability VCID-k6d6-hyep-pbac
16
vulnerability VCID-k9yt-aj7x-3bht
17
vulnerability VCID-n6qs-hded-rydp
18
vulnerability VCID-p4nc-ucxy-sydb
19
vulnerability VCID-rtqu-78p2-buej
20
vulnerability VCID-vsg8-h11j-63ge
21
vulnerability VCID-x7ny-9pvm-77eh
22
vulnerability VCID-xe2v-j69t-d3h3
23
vulnerability VCID-xu7c-vz69-duhp
24
vulnerability VCID-zc36-wq6m-4bbn
25
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp97
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33320, GHSA-wg4x-hf94-fj5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x13m-kscr-nkbf
28
url VCID-x7ny-9pvm-77eh
vulnerability_id VCID-x7ny-9pvm-77eh
summary 
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55074
published_at 2026-06-04T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55139
published_at 2026-06-06T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.55132
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
5
reference_url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
6
reference_url https://github.com/advisories/GHSA-jvvx-8g42-9559
reference_id GHSA-jvvx-8g42-9559
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvvx-8g42-9559
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29051, GHSA-jvvx-8g42-9559
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ny-9pvm-77eh
29
url VCID-xe2v-j69t-d3h3
vulnerability_id VCID-xe2v-j69t-d3h3
summary 
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal (7.1.0 through 7.4.3.87), and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36609
published_at 2026-06-05T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36618
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42628
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
reference_id CVE-2023-42628
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42628
5
reference_url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
reference_id GHSA-hv45-r2f5-fmhj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv45-r2f5-fmhj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-6yj4-11z6-pfhx
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-8jv6-163j-a7b2
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-a7z8-2fzy-2qee
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-x7ny-9pvm-77eh
18
vulnerability VCID-xu7c-vz69-duhp
19
vulnerability VCID-zc36-wq6m-4bbn
20
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.7
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7f43-u96s-qyeq
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebmm-3qj1-8uec
10
vulnerability VCID-euw1-6mk1-n3he
11
vulnerability VCID-fxtu-zgpf-cbhs
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-n6qs-hded-rydp
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-vsg8-h11j-63ge
17
vulnerability VCID-xu7c-vz69-duhp
18
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.1
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebmm-3qj1-8uec
3
vulnerability VCID-euw1-6mk1-n3he
4
vulnerability VCID-fxtu-zgpf-cbhs
5
vulnerability VCID-p4nc-ucxy-sydb
6
vulnerability VCID-rtqu-78p2-buej
7
vulnerability VCID-vsg8-h11j-63ge
8
vulnerability VCID-xu7c-vz69-duhp
9
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.1
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-euw1-6mk1-n3he
3
vulnerability VCID-rtqu-78p2-buej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u34
4
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-ezpm-x3vx-zfe6
3
vulnerability VCID-tqvb-a46r-jbf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-42628, GHSA-hv45-r2f5-fmhj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xe2v-j69t-d3h3
30
url VCID-xu7c-vz69-duhp
vulnerability_id VCID-xu7c-vz69-duhp
summary 
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
Liferay Layout Admin Web before 5.0.0 in Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39077
published_at 2026-06-04T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39171
published_at 2026-06-06T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39165
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
3
reference_url https://liferay.atlassian.net/browse/LPE-17229
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17229
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
reference_id CVE-2021-38265
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
6
reference_url https://github.com/advisories/GHSA-3x83-whxw-pvmg
reference_id GHSA-3x83-whxw-pvmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x83-whxw-pvmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-b7h9-cxkj-hkc8
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-cxnv-25bg-rubj
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ef5k-bdxm-xfer
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-ggs5-4zac-vqa7
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-h261-uqtv-yfek
21
vulnerability VCID-hrnu-4t2j-9qba
22
vulnerability VCID-hw1d-gdcv-vkec
23
vulnerability VCID-k6d6-hyep-pbac
24
vulnerability VCID-k7yh-fkj8-t3fx
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-mph8-zzjv-67av
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-q7bs-639b-pken
32
vulnerability VCID-rtqu-78p2-buej
33
vulnerability VCID-tqvb-a46r-jbf8
34
vulnerability VCID-uu3m-ef36-jqg7
35
vulnerability VCID-uug8-ap5n-r3g2
36
vulnerability VCID-x7ny-9pvm-77eh
37
vulnerability VCID-xa5h-2khm-efgj
38
vulnerability VCID-xe2v-j69t-d3h3
39
vulnerability VCID-xwgk-d28b-rbgz
40
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38265, GHSA-3x83-whxw-pvmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xu7c-vz69-duhp
31
url VCID-zc36-wq6m-4bbn
vulnerability_id VCID-zc36-wq6m-4bbn
summary 
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66692
published_at 2026-06-06T12:55:00Z
1
value 0.00507
scoring_system epss
scoring_elements 0.66684
published_at 2026-06-05T12:55:00Z
2
value 0.00507
scoring_system epss
scoring_elements 0.66644
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://issues.liferay.com/browse/LPE-17131
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17131
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
5
reference_url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
reference_id GHSA-82j7-2h3j-hc7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29041, GHSA-82j7-2h3j-hc7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc36-wq6m-4bbn
32
url VCID-znfj-psyu-2uh7
vulnerability_id VCID-znfj-psyu-2uh7
summary 
Unrestricted Upload of File with Dangerous Type
Liferay Portal, and Liferay DXP before fix pack before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
reference_id
reference_type
scores
0
value 0.01076
scoring_system epss
scoring_elements 0.78165
published_at 2026-06-05T12:55:00Z
1
value 0.01076
scoring_system epss
scoring_elements 0.78172
published_at 2026-06-06T12:55:00Z
2
value 0.01076
scoring_system epss
scoring_elements 0.78139
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
1
reference_url https://issues.liferay.com/browse/LPE-17029
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17029
2
reference_url https://issues.liferay.com/browse/LPE-17055
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17055
3
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
reference_id CVE-2020-15839
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
6
reference_url https://github.com/advisories/GHSA-c7f6-4vx5-4263
reference_id GHSA-c7f6-4vx5-4263
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7f6-4vx5-4263
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2020-15839, GHSA-c7f6-4vx5-4263
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znfj-psyu-2uh7
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp95-2