Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.14
Type maven
Namespace com.liferay.portal
Name release.dxp.bom
Version 7.0.10.14
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.4.13.u93
Latest_non_vulnerable_version 7.4.13.u93
Affected_by_vulnerabilities
0
url VCID-1fqz-psdf-g7dm
vulnerability_id VCID-1fqz-psdf-g7dm
summary
Liferay Portal and Liferay DXP User Enumeration Vulnerability
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54034
published_at 2026-06-06T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54027
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
3
reference_url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:17:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
reference_id CVE-2024-26268
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26268
6
reference_url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
reference_id GHSA-qm43-g2xj-hvg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm43-g2xj-hvg5
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebmm-3qj1-8uec
3
vulnerability VCID-ebzh-bpks-5qe2
4
vulnerability VCID-euw1-6mk1-n3he
5
vulnerability VCID-fxtu-zgpf-cbhs
6
vulnerability VCID-p4nc-ucxy-sydb
7
vulnerability VCID-rtqu-78p2-buej
8
vulnerability VCID-vsg8-h11j-63ge
9
vulnerability VCID-xe2v-j69t-d3h3
10
vulnerability VCID-xu7c-vz69-duhp
11
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-e5h2-wvws-3yhq
2
vulnerability VCID-ebzh-bpks-5qe2
3
vulnerability VCID-euw1-6mk1-n3he
4
vulnerability VCID-rtqu-78p2-buej
5
vulnerability VCID-tqvb-a46r-jbf8
6
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-42k1-vb9z-3qe7
2
vulnerability VCID-9hvg-h2ra-nbcc
3
vulnerability VCID-c3ym-wtv5-hfhr
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-d8m3-apv8-zfe1
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebzh-bpks-5qe2
8
vulnerability VCID-gkn8-ehfa-3ugx
9
vulnerability VCID-nntr-5xwu-tya3
10
vulnerability VCID-tqvb-a46r-jbf8
11
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27
aliases CVE-2024-26268, GHSA-qm43-g2xj-hvg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fqz-psdf-g7dm
1
url VCID-266t-4gfq-duh4
vulnerability_id VCID-266t-4gfq-duh4
summary
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3847
published_at 2026-06-06T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38467
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25150
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
3
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
4
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
5
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
6
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
7
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T14:56:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
10
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4585-28v2-8h46
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
aliases CVE-2024-25150, GHSA-4585-28v2-8h46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-266t-4gfq-duh4
2
url VCID-6yj4-11z6-pfhx
vulnerability_id VCID-6yj4-11z6-pfhx
summary
Liferay Portal and Liferay DXP Don't Check Permissions of Pages
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.30682
published_at 2026-06-04T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.30721
published_at 2026-06-06T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.30755
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33324
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17001
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33324
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
5
reference_url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063
6
reference_url https://github.com/advisories/GHSA-474f-cmx5-gm69
reference_id GHSA-474f-cmx5-gm69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-474f-cmx5-gm69
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-cj4m-mvzh-ckh4
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-euw1-6mk1-n3he
16
vulnerability VCID-f9dw-g5c2-jba1
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-gp4p-wthk-k3hf
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-jkje-ckr9-6ffp
21
vulnerability VCID-k6d6-hyep-pbac
22
vulnerability VCID-k9yt-aj7x-3bht
23
vulnerability VCID-n6qs-hded-rydp
24
vulnerability VCID-p4nc-ucxy-sydb
25
vulnerability VCID-rtqu-78p2-buej
26
vulnerability VCID-vsg8-h11j-63ge
27
vulnerability VCID-x7ny-9pvm-77eh
28
vulnerability VCID-xe2v-j69t-d3h3
29
vulnerability VCID-xu7c-vz69-duhp
30
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp20
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-4mcy-yw2p-v7bd
6
vulnerability VCID-5vyh-n1sc-sydy
7
vulnerability VCID-67kh-3nge-vfhg
8
vulnerability VCID-68kz-zfvf-7ucw
9
vulnerability VCID-6r32-cn35-sqcb
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7gqd-78yq-r3be
12
vulnerability VCID-7zhe-ztqw-gkhh
13
vulnerability VCID-8jv6-163j-a7b2
14
vulnerability VCID-9471-umbz-pucy
15
vulnerability VCID-a7z8-2fzy-2qee
16
vulnerability VCID-a93n-jcyj-s7cb
17
vulnerability VCID-afe9-yqy2-8bdb
18
vulnerability VCID-b7h9-cxkj-hkc8
19
vulnerability VCID-c4kq-8dpb-bkc7
20
vulnerability VCID-cj4m-mvzh-ckh4
21
vulnerability VCID-d7nb-6hvn-cueh
22
vulnerability VCID-e5c7-wsvb-dyfm
23
vulnerability VCID-e5h2-wvws-3yhq
24
vulnerability VCID-eaks-bevz-uuc8
25
vulnerability VCID-ebmm-3qj1-8uec
26
vulnerability VCID-ebzh-bpks-5qe2
27
vulnerability VCID-euw1-6mk1-n3he
28
vulnerability VCID-f9dw-g5c2-jba1
29
vulnerability VCID-fxtu-zgpf-cbhs
30
vulnerability VCID-ggs5-4zac-vqa7
31
vulnerability VCID-gp4p-wthk-k3hf
32
vulnerability VCID-gv7c-qump-nyds
33
vulnerability VCID-gz3a-m337-s7dn
34
vulnerability VCID-h261-uqtv-yfek
35
vulnerability VCID-hrnu-4t2j-9qba
36
vulnerability VCID-hw1d-gdcv-vkec
37
vulnerability VCID-jarq-qchk-nkc1
38
vulnerability VCID-jkje-ckr9-6ffp
39
vulnerability VCID-jr2w-84ez-3kg2
40
vulnerability VCID-k29y-9nww-cuh6
41
vulnerability VCID-k6d6-hyep-pbac
42
vulnerability VCID-k9yt-aj7x-3bht
43
vulnerability VCID-menx-yu2z-xkeh
44
vulnerability VCID-n6qs-hded-rydp
45
vulnerability VCID-p4nc-ucxy-sydb
46
vulnerability VCID-p7s6-d63y-4ffb
47
vulnerability VCID-p9am-1rhf-6bh2
48
vulnerability VCID-qar1-pfr5-ekfm
49
vulnerability VCID-rtqu-78p2-buej
50
vulnerability VCID-sn9p-y571-ffej
51
vulnerability VCID-t51p-askk-pfcx
52
vulnerability VCID-uug8-ap5n-r3g2
53
vulnerability VCID-vrqa-ggse-wqhn
54
vulnerability VCID-vsg8-h11j-63ge
55
vulnerability VCID-x7ny-9pvm-77eh
56
vulnerability VCID-x93k-k3f7-y3hk
57
vulnerability VCID-xe2v-j69t-d3h3
58
vulnerability VCID-xu7c-vz69-duhp
59
vulnerability VCID-yq5x-4eyq-m7ba
60
vulnerability VCID-yump-6eg9-9yeq
61
vulnerability VCID-zc36-wq6m-4bbn
62
vulnerability VCID-znfj-psyu-2uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
aliases CVE-2021-33324, GHSA-474f-cmx5-gm69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yj4-11z6-pfhx
3
url VCID-7f43-u96s-qyeq
vulnerability_id VCID-7f43-u96s-qyeq
summary
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.65127
published_at 2026-06-04T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.6518
published_at 2026-06-06T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.65169
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29048
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29048
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
5
reference_url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524222536/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
6
reference_url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
reference_id GHSA-4fx8-82f3-xcpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx8-82f3-xcpc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-7zhe-ztqw-gkhh
6
vulnerability VCID-8jv6-163j-a7b2
7
vulnerability VCID-9471-umbz-pucy
8
vulnerability VCID-a7z8-2fzy-2qee
9
vulnerability VCID-a93n-jcyj-s7cb
10
vulnerability VCID-afe9-yqy2-8bdb
11
vulnerability VCID-b7h9-cxkj-hkc8
12
vulnerability VCID-cj4m-mvzh-ckh4
13
vulnerability VCID-e5c7-wsvb-dyfm
14
vulnerability VCID-e5h2-wvws-3yhq
15
vulnerability VCID-ebmm-3qj1-8uec
16
vulnerability VCID-ebzh-bpks-5qe2
17
vulnerability VCID-euw1-6mk1-n3he
18
vulnerability VCID-f9dw-g5c2-jba1
19
vulnerability VCID-fxtu-zgpf-cbhs
20
vulnerability VCID-ggs5-4zac-vqa7
21
vulnerability VCID-gp4p-wthk-k3hf
22
vulnerability VCID-h261-uqtv-yfek
23
vulnerability VCID-hrnu-4t2j-9qba
24
vulnerability VCID-hw1d-gdcv-vkec
25
vulnerability VCID-jkje-ckr9-6ffp
26
vulnerability VCID-k9yt-aj7x-3bht
27
vulnerability VCID-menx-yu2z-xkeh
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-rtqu-78p2-buej
32
vulnerability VCID-uug8-ap5n-r3g2
33
vulnerability VCID-vsg8-h11j-63ge
34
vulnerability VCID-xe2v-j69t-d3h3
35
vulnerability VCID-xu7c-vz69-duhp
36
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp11
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29048, GHSA-4fx8-82f3-xcpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f43-u96s-qyeq
4
url VCID-8jv6-163j-a7b2
vulnerability_id VCID-8jv6-163j-a7b2
summary
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49533
published_at 2026-06-06T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25149
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/dfd287acb325e2cddced3910e3baba1d258509de
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:46:50Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
reference_id CVE-2024-25149
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25149
5
reference_url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
reference_id GHSA-qpgh-6v9w-vfv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpgh-6v9w-vfv6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7gqd-78yq-r3be
5
vulnerability VCID-9471-umbz-pucy
6
vulnerability VCID-9yw4-52sc-rbbz
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-b7h9-cxkj-hkc8
9
vulnerability VCID-cj4m-mvzh-ckh4
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebmm-3qj1-8uec
13
vulnerability VCID-ebzh-bpks-5qe2
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-fxtu-zgpf-cbhs
16
vulnerability VCID-ggs5-4zac-vqa7
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-h261-uqtv-yfek
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-menx-yu2z-xkeh
21
vulnerability VCID-n6qs-hded-rydp
22
vulnerability VCID-p4nc-ucxy-sydb
23
vulnerability VCID-p9am-1rhf-6bh2
24
vulnerability VCID-rtqu-78p2-buej
25
vulnerability VCID-vsg8-h11j-63ge
26
vulnerability VCID-xe2v-j69t-d3h3
27
vulnerability VCID-xu7c-vz69-duhp
28
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
aliases CVE-2024-25149, GHSA-qpgh-6v9w-vfv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jv6-163j-a7b2
5
url VCID-9471-umbz-pucy
vulnerability_id VCID-9471-umbz-pucy
summary
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40266
published_at 2026-06-06T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40263
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25605
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45ffb97de7ac475335215f2b6e86ebe1e7283ab4
3
reference_url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5eb426ecc49e036ad566e829b8a2132104f7130e
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:21:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
reference_id CVE-2024-25605
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25605
6
reference_url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
reference_id GHSA-mf8h-grfg-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf8h-grfg-j9j3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
aliases CVE-2024-25605, GHSA-mf8h-grfg-j9j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9471-umbz-pucy
6
url VCID-a7z8-2fzy-2qee
vulnerability_id VCID-a7z8-2fzy-2qee
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35713
published_at 2026-06-06T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35702
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25145
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-08T17:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
reference_id CVE-2024-25145
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25145
4
reference_url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
reference_id GHSA-9vgq-w5pv-v77q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vgq-w5pv-v77q
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.13u8
aliases CVE-2024-25145, GHSA-9vgq-w5pv-v77q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7z8-2fzy-2qee
7
url VCID-e5c7-wsvb-dyfm
vulnerability_id VCID-e5c7-wsvb-dyfm
summary
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions, the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via the `Liferay-Portal` response header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45205
published_at 2026-06-06T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45202
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95
3
reference_url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c
4
reference_url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T15:20:52Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
reference_id CVE-2024-26267
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26267
7
reference_url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
reference_id GHSA-2mvj-q2q3-wxjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mvj-q2q3-wxjv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5h2-wvws-3yhq
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-ef5k-bdxm-xfer
6
vulnerability VCID-euw1-6mk1-n3he
7
vulnerability VCID-ggs5-4zac-vqa7
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-tqvb-a46r-jbf8
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u5
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-c3ym-wtv5-hfhr
5
vulnerability VCID-cj4m-mvzh-ckh4
6
vulnerability VCID-d8m3-apv8-zfe1
7
vulnerability VCID-e5h2-wvws-3yhq
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-ggs5-4zac-vqa7
10
vulnerability VCID-gkn8-ehfa-3ugx
11
vulnerability VCID-nntr-5xwu-tya3
12
vulnerability VCID-tqvb-a46r-jbf8
13
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u26
aliases CVE-2024-26267, GHSA-2mvj-q2q3-wxjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5c7-wsvb-dyfm
8
url VCID-e5h2-wvws-3yhq
vulnerability_id VCID-e5h2-wvws-3yhq
summary
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38795
published_at 2026-06-05T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38799
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cj4m-mvzh-ckh4
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-euw1-6mk1-n3he
3
vulnerability VCID-rtqu-78p2-buej
4
vulnerability VCID-tqvb-a46r-jbf8
5
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u30
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-ebzh-bpks-5qe2
2
vulnerability VCID-ezpm-x3vx-zfe6
3
vulnerability VCID-tqvb-a46r-jbf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5h2-wvws-3yhq
9
url VCID-ebmm-3qj1-8uec
vulnerability_id VCID-ebmm-3qj1-8uec
summary
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after they are used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52541
published_at 2026-06-04T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52609
published_at 2026-06-06T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52601
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29047
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29047
4
reference_url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524180455/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
5
reference_url https://github.com/advisories/GHSA-9mxg-p873-6793
reference_id GHSA-9mxg-p873-6793
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mxg-p873-6793
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29047, GHSA-9mxg-p873-6793
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebmm-3qj1-8uec
10
url VCID-euw1-6mk1-n3he
vulnerability_id VCID-euw1-6mk1-n3he
summary
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Fragment Renderer Collection Filter Implementation before v1.0.11 from Liferay Portal (v7.4.3.4) and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48255
published_at 2026-06-06T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48188
published_at 2026-06-04T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48251
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28980
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ea3e9acb6c3602b9c90538ba35f11906dc07ed
4
reference_url https://liferay.atlassian.net/browse/LPE-17420
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17420
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28980-reflected-xss-with-filter_-parameters-in-applied-fragment-filters?p_r_p_assetEntryId=121612438&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612438%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28980
7
reference_url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221114081624/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters
8
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_id cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T17:48:12Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters
9
reference_url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
reference_id GHSA-8mp9-w7gr-pvj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mp9-w7gr-pvj3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.3.5-ga5
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-9yw4-52sc-rbbz
5
vulnerability VCID-c3ym-wtv5-hfhr
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-d8m3-apv8-zfe1
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ef5k-bdxm-xfer
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-gkn8-ehfa-3ugx
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-menx-yu2z-xkeh
15
vulnerability VCID-rtqu-78p2-buej
16
vulnerability VCID-tqvb-a46r-jbf8
17
vulnerability VCID-uu3m-ef36-jqg7
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xn1n-5rgc-83bg
20
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.10.ep1
aliases CVE-2022-28980, GHSA-8mp9-w7gr-pvj3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euw1-6mk1-n3he
11
url VCID-fxtu-zgpf-cbhs
vulnerability_id VCID-fxtu-zgpf-cbhs
summary
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.6393
published_at 2026-06-04T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.6398
published_at 2026-06-06T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63972
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29053
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29053
4
reference_url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20221121171927/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
5
reference_url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
reference_id GHSA-f9wj-c5pc-g9rh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9wj-c5pc-g9rh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29053, GHSA-f9wj-c5pc-g9rh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxtu-zgpf-cbhs
12
url VCID-k9yt-aj7x-3bht
vulnerability_id VCID-k9yt-aj7x-3bht
summary
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
reference_id
reference_type
scores
0
value 0.1765
scoring_system epss
scoring_elements 0.95236
published_at 2026-06-06T12:55:00Z
1
value 0.1765
scoring_system epss
scoring_elements 0.95235
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25608
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
3
reference_url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:50:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
reference_id CVE-2024-25608
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25608
6
reference_url https://github.com/advisories/GHSA-548x-j6x6-hcv4
reference_id GHSA-548x-j6x6-hcv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-548x-j6x6-hcv4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-e5h2-wvws-3yhq
3
vulnerability VCID-ebmm-3qj1-8uec
4
vulnerability VCID-ebzh-bpks-5qe2
5
vulnerability VCID-euw1-6mk1-n3he
6
vulnerability VCID-fxtu-zgpf-cbhs
7
vulnerability VCID-p4nc-ucxy-sydb
8
vulnerability VCID-rtqu-78p2-buej
9
vulnerability VCID-vsg8-h11j-63ge
10
vulnerability VCID-xe2v-j69t-d3h3
11
vulnerability VCID-xu7c-vz69-duhp
12
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-cj4m-mvzh-ckh4
2
vulnerability VCID-cxnv-25bg-rubj
3
vulnerability VCID-e5c7-wsvb-dyfm
4
vulnerability VCID-e5h2-wvws-3yhq
5
vulnerability VCID-ebzh-bpks-5qe2
6
vulnerability VCID-ef5k-bdxm-xfer
7
vulnerability VCID-euw1-6mk1-n3he
8
vulnerability VCID-ggs5-4zac-vqa7
9
vulnerability VCID-menx-yu2z-xkeh
10
vulnerability VCID-rtqu-78p2-buej
11
vulnerability VCID-tqvb-a46r-jbf8
12
vulnerability VCID-xe2v-j69t-d3h3
13
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-c3ym-wtv5-hfhr
5
vulnerability VCID-cj4m-mvzh-ckh4
6
vulnerability VCID-d8m3-apv8-zfe1
7
vulnerability VCID-e5c7-wsvb-dyfm
8
vulnerability VCID-e5h2-wvws-3yhq
9
vulnerability VCID-ebzh-bpks-5qe2
10
vulnerability VCID-ggs5-4zac-vqa7
11
vulnerability VCID-gkn8-ehfa-3ugx
12
vulnerability VCID-menx-yu2z-xkeh
13
vulnerability VCID-nntr-5xwu-tya3
14
vulnerability VCID-tqvb-a46r-jbf8
15
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u19
aliases CVE-2024-25608, GHSA-548x-j6x6-hcv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9yt-aj7x-3bht
13
url VCID-n6qs-hded-rydp
vulnerability_id VCID-n6qs-hded-rydp
summary
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers
Liferay Impl before 5.18.4, Liferay Users Admin Web before 5.0.33, Liferay Login Web before 5.0.18, and Liferay Commerce Account Web before 3.0.7 from Liferay Portal (7.2.0 through 7.3.5), and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions do not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal users' password reminder answers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26344
published_at 2026-06-06T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26352
published_at 2026-06-05T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:45:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
5
reference_url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
reference_id GHSA-mwhf-6mjm-6w3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-7gqd-78yq-r3be
3
vulnerability VCID-9yw4-52sc-rbbz
4
vulnerability VCID-cj4m-mvzh-ckh4
5
vulnerability VCID-e5c7-wsvb-dyfm
6
vulnerability VCID-e5h2-wvws-3yhq
7
vulnerability VCID-ebmm-3qj1-8uec
8
vulnerability VCID-ebzh-bpks-5qe2
9
vulnerability VCID-euw1-6mk1-n3he
10
vulnerability VCID-fxtu-zgpf-cbhs
11
vulnerability VCID-ggs5-4zac-vqa7
12
vulnerability VCID-k9yt-aj7x-3bht
13
vulnerability VCID-menx-yu2z-xkeh
14
vulnerability VCID-p4nc-ucxy-sydb
15
vulnerability VCID-p9am-1rhf-6bh2
16
vulnerability VCID-rtqu-78p2-buej
17
vulnerability VCID-vsg8-h11j-63ge
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xu7c-vz69-duhp
20
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp17
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29038, GHSA-mwhf-6mjm-6w3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6qs-hded-rydp
14
url VCID-p4nc-ucxy-sydb
vulnerability_id VCID-p4nc-ucxy-sydb
summary
Liferay Portal and Liferay DXP Fails to Check Permissions
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27592
published_at 2026-06-04T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27609
published_at 2026-06-06T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27659
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29052
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29052
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159
5
reference_url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
reference_id GHSA-pr7v-qv65-rp9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr7v-qv65-rp9m
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29052, GHSA-pr7v-qv65-rp9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4nc-ucxy-sydb
15
url VCID-rtqu-78p2-buej
vulnerability_id VCID-rtqu-78p2-buej
summary
Liferay Portal and Liferay DXP fails to check origin of event messages
The Remote App module before 2.0.21 from Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33849
published_at 2026-06-06T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33833
published_at 2026-06-05T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.33727
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25146
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
reference_id CVE-2022-25146
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25146
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
reference_id CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps
7
reference_url https://github.com/advisories/GHSA-ghw5-998m-vw4w
reference_id GHSA-ghw5-998m-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghw5-998m-vw4w
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-27a1-teqk-cbe2
2
vulnerability VCID-42k1-vb9z-3qe7
3
vulnerability VCID-9hvg-h2ra-nbcc
4
vulnerability VCID-9yw4-52sc-rbbz
5
vulnerability VCID-c3ym-wtv5-hfhr
6
vulnerability VCID-cj4m-mvzh-ckh4
7
vulnerability VCID-d8m3-apv8-zfe1
8
vulnerability VCID-e5c7-wsvb-dyfm
9
vulnerability VCID-e5h2-wvws-3yhq
10
vulnerability VCID-ebzh-bpks-5qe2
11
vulnerability VCID-ef5k-bdxm-xfer
12
vulnerability VCID-ggs5-4zac-vqa7
13
vulnerability VCID-gkn8-ehfa-3ugx
14
vulnerability VCID-k9yt-aj7x-3bht
15
vulnerability VCID-menx-yu2z-xkeh
16
vulnerability VCID-tqvb-a46r-jbf8
17
vulnerability VCID-uu3m-ef36-jqg7
18
vulnerability VCID-xe2v-j69t-d3h3
19
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5
aliases CVE-2022-25146, GHSA-ghw5-998m-vw4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rtqu-78p2-buej
16
url VCID-vsg8-h11j-63ge
vulnerability_id VCID-vsg8-h11j-63ge
summary
Liferay Portal and Liferay DXP fails to properly import users from LDAP
Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.83353
published_at 2026-06-04T12:55:00Z
1
value 0.01851
scoring_system epss
scoring_elements 0.83379
published_at 2026-06-06T12:55:00Z
2
value 0.01851
scoring_system epss
scoring_elements 0.83377
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736
3
reference_url https://issues.liferay.com/browse/LPE-17191
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17191
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
reference_id CVE-2021-38266
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38266
6
reference_url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
reference_id GHSA-jp3m-vh3g-6ggp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp3m-vh3g-6ggp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-b7h9-cxkj-hkc8
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-cxnv-25bg-rubj
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ef5k-bdxm-xfer
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-ggs5-4zac-vqa7
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-h261-uqtv-yfek
21
vulnerability VCID-hrnu-4t2j-9qba
22
vulnerability VCID-hw1d-gdcv-vkec
23
vulnerability VCID-k6d6-hyep-pbac
24
vulnerability VCID-k7yh-fkj8-t3fx
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-mph8-zzjv-67av
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-q7bs-639b-pken
32
vulnerability VCID-rtqu-78p2-buej
33
vulnerability VCID-tqvb-a46r-jbf8
34
vulnerability VCID-uu3m-ef36-jqg7
35
vulnerability VCID-uug8-ap5n-r3g2
36
vulnerability VCID-x7ny-9pvm-77eh
37
vulnerability VCID-xa5h-2khm-efgj
38
vulnerability VCID-xe2v-j69t-d3h3
39
vulnerability VCID-xwgk-d28b-rbgz
40
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38266, GHSA-jp3m-vh3g-6ggp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsg8-h11j-63ge
17
url VCID-x7ny-9pvm-77eh
vulnerability_id VCID-x7ny-9pvm-77eh
summary
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55074
published_at 2026-06-04T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55139
published_at 2026-06-06T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.55132
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29051
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29051
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
5
reference_url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210524223247/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580
6
reference_url https://github.com/advisories/GHSA-jvvx-8g42-9559
reference_id GHSA-jvvx-8g42-9559
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvvx-8g42-9559
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-5vyh-n1sc-sydy
3
vulnerability VCID-7f43-u96s-qyeq
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-8jv6-163j-a7b2
6
vulnerability VCID-9471-umbz-pucy
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-afe9-yqy2-8bdb
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-e5c7-wsvb-dyfm
12
vulnerability VCID-e5h2-wvws-3yhq
13
vulnerability VCID-ebmm-3qj1-8uec
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-f9dw-g5c2-jba1
16
vulnerability VCID-fxtu-zgpf-cbhs
17
vulnerability VCID-gp4p-wthk-k3hf
18
vulnerability VCID-jkje-ckr9-6ffp
19
vulnerability VCID-k9yt-aj7x-3bht
20
vulnerability VCID-n6qs-hded-rydp
21
vulnerability VCID-p4nc-ucxy-sydb
22
vulnerability VCID-rtqu-78p2-buej
23
vulnerability VCID-vsg8-h11j-63ge
24
vulnerability VCID-xe2v-j69t-d3h3
25
vulnerability VCID-xu7c-vz69-duhp
26
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-5vyh-n1sc-sydy
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-8jv6-163j-a7b2
8
vulnerability VCID-9471-umbz-pucy
9
vulnerability VCID-a7z8-2fzy-2qee
10
vulnerability VCID-a93n-jcyj-s7cb
11
vulnerability VCID-afe9-yqy2-8bdb
12
vulnerability VCID-b7h9-cxkj-hkc8
13
vulnerability VCID-cj4m-mvzh-ckh4
14
vulnerability VCID-e5c7-wsvb-dyfm
15
vulnerability VCID-e5h2-wvws-3yhq
16
vulnerability VCID-eaks-bevz-uuc8
17
vulnerability VCID-ebmm-3qj1-8uec
18
vulnerability VCID-ebzh-bpks-5qe2
19
vulnerability VCID-euw1-6mk1-n3he
20
vulnerability VCID-f9dw-g5c2-jba1
21
vulnerability VCID-fxtu-zgpf-cbhs
22
vulnerability VCID-ggs5-4zac-vqa7
23
vulnerability VCID-gp4p-wthk-k3hf
24
vulnerability VCID-h261-uqtv-yfek
25
vulnerability VCID-hrnu-4t2j-9qba
26
vulnerability VCID-hw1d-gdcv-vkec
27
vulnerability VCID-jkje-ckr9-6ffp
28
vulnerability VCID-k9yt-aj7x-3bht
29
vulnerability VCID-menx-yu2z-xkeh
30
vulnerability VCID-n6qs-hded-rydp
31
vulnerability VCID-p4nc-ucxy-sydb
32
vulnerability VCID-p9am-1rhf-6bh2
33
vulnerability VCID-rtqu-78p2-buej
34
vulnerability VCID-uug8-ap5n-r3g2
35
vulnerability VCID-vsg8-h11j-63ge
36
vulnerability VCID-xe2v-j69t-d3h3
37
vulnerability VCID-xu7c-vz69-duhp
38
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29051, GHSA-jvvx-8g42-9559
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ny-9pvm-77eh
18
url VCID-xu7c-vz69-duhp
vulnerability_id VCID-xu7c-vz69-duhp
summary
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
Liferay Layout Admin Web before 5.0.0 in Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39077
published_at 2026-06-04T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39171
published_at 2026-06-06T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39165
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b
3
reference_url https://liferay.atlassian.net/browse/LPE-17229
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17229
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
reference_id CVE-2021-38265
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38265
6
reference_url https://github.com/advisories/GHSA-3x83-whxw-pvmg
reference_id GHSA-3x83-whxw-pvmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x83-whxw-pvmg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-1h16-mptk-gke7
2
vulnerability VCID-266t-4gfq-duh4
3
vulnerability VCID-4mcy-yw2p-v7bd
4
vulnerability VCID-7f43-u96s-qyeq
5
vulnerability VCID-7gqd-78yq-r3be
6
vulnerability VCID-7zhe-ztqw-gkhh
7
vulnerability VCID-a7z8-2fzy-2qee
8
vulnerability VCID-a93n-jcyj-s7cb
9
vulnerability VCID-b7h9-cxkj-hkc8
10
vulnerability VCID-cj4m-mvzh-ckh4
11
vulnerability VCID-cxnv-25bg-rubj
12
vulnerability VCID-e5c7-wsvb-dyfm
13
vulnerability VCID-e5h2-wvws-3yhq
14
vulnerability VCID-ebmm-3qj1-8uec
15
vulnerability VCID-ef5k-bdxm-xfer
16
vulnerability VCID-euw1-6mk1-n3he
17
vulnerability VCID-fxtu-zgpf-cbhs
18
vulnerability VCID-ggs5-4zac-vqa7
19
vulnerability VCID-gz3a-m337-s7dn
20
vulnerability VCID-h261-uqtv-yfek
21
vulnerability VCID-hrnu-4t2j-9qba
22
vulnerability VCID-hw1d-gdcv-vkec
23
vulnerability VCID-k6d6-hyep-pbac
24
vulnerability VCID-k7yh-fkj8-t3fx
25
vulnerability VCID-k9yt-aj7x-3bht
26
vulnerability VCID-menx-yu2z-xkeh
27
vulnerability VCID-mph8-zzjv-67av
28
vulnerability VCID-n6qs-hded-rydp
29
vulnerability VCID-p4nc-ucxy-sydb
30
vulnerability VCID-p9am-1rhf-6bh2
31
vulnerability VCID-q7bs-639b-pken
32
vulnerability VCID-rtqu-78p2-buej
33
vulnerability VCID-tqvb-a46r-jbf8
34
vulnerability VCID-uu3m-ef36-jqg7
35
vulnerability VCID-uug8-ap5n-r3g2
36
vulnerability VCID-x7ny-9pvm-77eh
37
vulnerability VCID-xa5h-2khm-efgj
38
vulnerability VCID-xe2v-j69t-d3h3
39
vulnerability VCID-xwgk-d28b-rbgz
40
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10
aliases CVE-2021-38265, GHSA-3x83-whxw-pvmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xu7c-vz69-duhp
19
url VCID-zc36-wq6m-4bbn
vulnerability_id VCID-zc36-wq6m-4bbn
summary
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66692
published_at 2026-06-06T12:55:00Z
1
value 0.00507
scoring_system epss
scoring_elements 0.66684
published_at 2026-06-05T12:55:00Z
2
value 0.00507
scoring_system epss
scoring_elements 0.66644
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29041
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://issues.liferay.com/browse/LPE-17131
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17131
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29041
5
reference_url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
reference_id GHSA-82j7-2h3j-hc7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-82j7-2h3j-hc7f
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7gqd-78yq-r3be
4
vulnerability VCID-7zhe-ztqw-gkhh
5
vulnerability VCID-a7z8-2fzy-2qee
6
vulnerability VCID-b7h9-cxkj-hkc8
7
vulnerability VCID-c3ym-wtv5-hfhr
8
vulnerability VCID-cj4m-mvzh-ckh4
9
vulnerability VCID-cxnv-25bg-rubj
10
vulnerability VCID-e5c7-wsvb-dyfm
11
vulnerability VCID-e5h2-wvws-3yhq
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-ef5k-bdxm-xfer
14
vulnerability VCID-euw1-6mk1-n3he
15
vulnerability VCID-ggs5-4zac-vqa7
16
vulnerability VCID-h261-uqtv-yfek
17
vulnerability VCID-hrnu-4t2j-9qba
18
vulnerability VCID-hw1d-gdcv-vkec
19
vulnerability VCID-k6d6-hyep-pbac
20
vulnerability VCID-k7yh-fkj8-t3fx
21
vulnerability VCID-k9yt-aj7x-3bht
22
vulnerability VCID-menx-yu2z-xkeh
23
vulnerability VCID-mph8-zzjv-67av
24
vulnerability VCID-p9am-1rhf-6bh2
25
vulnerability VCID-q7bs-639b-pken
26
vulnerability VCID-rtqu-78p2-buej
27
vulnerability VCID-tqvb-a46r-jbf8
28
vulnerability VCID-uu3m-ef36-jqg7
29
vulnerability VCID-uug8-ap5n-r3g2
30
vulnerability VCID-xa5h-2khm-efgj
31
vulnerability VCID-xe2v-j69t-d3h3
32
vulnerability VCID-xwgk-d28b-rbgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp1
aliases CVE-2021-29041, GHSA-82j7-2h3j-hc7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc36-wq6m-4bbn
20
url VCID-znfj-psyu-2uh7
vulnerability_id VCID-znfj-psyu-2uh7
summary
Unrestricted Upload of File with Dangerous Type
Liferay Portal, and Liferay DXP before fix pack before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
reference_id
reference_type
scores
0
value 0.01076
scoring_system epss
scoring_elements 0.78165
published_at 2026-06-05T12:55:00Z
1
value 0.01076
scoring_system epss
scoring_elements 0.78172
published_at 2026-06-06T12:55:00Z
2
value 0.01076
scoring_system epss
scoring_elements 0.78139
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15839
1
reference_url https://issues.liferay.com/browse/LPE-17029
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17029
2
reference_url https://issues.liferay.com/browse/LPE-17055
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17055
3
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
reference_id CVE-2020-15839
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15839
6
reference_url https://github.com/advisories/GHSA-c7f6-4vx5-4263
reference_id GHSA-c7f6-4vx5-4263
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7f6-4vx5-4263
fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-2dc6-guhs-juhy
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-68kz-zfvf-7ucw
8
vulnerability VCID-6r32-cn35-sqcb
9
vulnerability VCID-6yj4-11z6-pfhx
10
vulnerability VCID-7f43-u96s-qyeq
11
vulnerability VCID-7zhe-ztqw-gkhh
12
vulnerability VCID-8jv6-163j-a7b2
13
vulnerability VCID-9471-umbz-pucy
14
vulnerability VCID-a7z8-2fzy-2qee
15
vulnerability VCID-a93n-jcyj-s7cb
16
vulnerability VCID-afe9-yqy2-8bdb
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-e5c7-wsvb-dyfm
20
vulnerability VCID-e5h2-wvws-3yhq
21
vulnerability VCID-ebmm-3qj1-8uec
22
vulnerability VCID-euw1-6mk1-n3he
23
vulnerability VCID-f9dw-g5c2-jba1
24
vulnerability VCID-fxtu-zgpf-cbhs
25
vulnerability VCID-gp4p-wthk-k3hf
26
vulnerability VCID-gv7c-qump-nyds
27
vulnerability VCID-gz3a-m337-s7dn
28
vulnerability VCID-jarq-qchk-nkc1
29
vulnerability VCID-jkje-ckr9-6ffp
30
vulnerability VCID-jr2w-84ez-3kg2
31
vulnerability VCID-k29y-9nww-cuh6
32
vulnerability VCID-k6d6-hyep-pbac
33
vulnerability VCID-k9yt-aj7x-3bht
34
vulnerability VCID-n6qs-hded-rydp
35
vulnerability VCID-p4nc-ucxy-sydb
36
vulnerability VCID-p7s6-d63y-4ffb
37
vulnerability VCID-qar1-pfr5-ekfm
38
vulnerability VCID-rtqu-78p2-buej
39
vulnerability VCID-sn9p-y571-ffej
40
vulnerability VCID-t51p-askk-pfcx
41
vulnerability VCID-vsg8-h11j-63ge
42
vulnerability VCID-x13m-kscr-nkbf
43
vulnerability VCID-x7ny-9pvm-77eh
44
vulnerability VCID-xe2v-j69t-d3h3
45
vulnerability VCID-xu7c-vz69-duhp
46
vulnerability VCID-yq5x-4eyq-m7ba
47
vulnerability VCID-yump-6eg9-9yeq
48
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17tm-rzgk-qfas
1
vulnerability VCID-1fqz-psdf-g7dm
2
vulnerability VCID-1h16-mptk-gke7
3
vulnerability VCID-266t-4gfq-duh4
4
vulnerability VCID-4mcy-yw2p-v7bd
5
vulnerability VCID-5vyh-n1sc-sydy
6
vulnerability VCID-67kh-3nge-vfhg
7
vulnerability VCID-6r32-cn35-sqcb
8
vulnerability VCID-7f43-u96s-qyeq
9
vulnerability VCID-7gqd-78yq-r3be
10
vulnerability VCID-7zhe-ztqw-gkhh
11
vulnerability VCID-8jv6-163j-a7b2
12
vulnerability VCID-9471-umbz-pucy
13
vulnerability VCID-a7z8-2fzy-2qee
14
vulnerability VCID-a93n-jcyj-s7cb
15
vulnerability VCID-afe9-yqy2-8bdb
16
vulnerability VCID-b7h9-cxkj-hkc8
17
vulnerability VCID-c4kq-8dpb-bkc7
18
vulnerability VCID-cj4m-mvzh-ckh4
19
vulnerability VCID-d7nb-6hvn-cueh
20
vulnerability VCID-e5c7-wsvb-dyfm
21
vulnerability VCID-e5h2-wvws-3yhq
22
vulnerability VCID-eaks-bevz-uuc8
23
vulnerability VCID-ebmm-3qj1-8uec
24
vulnerability VCID-ebzh-bpks-5qe2
25
vulnerability VCID-euw1-6mk1-n3he
26
vulnerability VCID-f9dw-g5c2-jba1
27
vulnerability VCID-fxtu-zgpf-cbhs
28
vulnerability VCID-ggs5-4zac-vqa7
29
vulnerability VCID-gp4p-wthk-k3hf
30
vulnerability VCID-gv7c-qump-nyds
31
vulnerability VCID-gz3a-m337-s7dn
32
vulnerability VCID-h261-uqtv-yfek
33
vulnerability VCID-hrnu-4t2j-9qba
34
vulnerability VCID-hw1d-gdcv-vkec
35
vulnerability VCID-jarq-qchk-nkc1
36
vulnerability VCID-jkje-ckr9-6ffp
37
vulnerability VCID-jr2w-84ez-3kg2
38
vulnerability VCID-k29y-9nww-cuh6
39
vulnerability VCID-k6d6-hyep-pbac
40
vulnerability VCID-k9yt-aj7x-3bht
41
vulnerability VCID-menx-yu2z-xkeh
42
vulnerability VCID-n6qs-hded-rydp
43
vulnerability VCID-p4nc-ucxy-sydb
44
vulnerability VCID-p7s6-d63y-4ffb
45
vulnerability VCID-p9am-1rhf-6bh2
46
vulnerability VCID-qar1-pfr5-ekfm
47
vulnerability VCID-rtqu-78p2-buej
48
vulnerability VCID-sn9p-y571-ffej
49
vulnerability VCID-t51p-askk-pfcx
50
vulnerability VCID-uug8-ap5n-r3g2
51
vulnerability VCID-vsg8-h11j-63ge
52
vulnerability VCID-x7ny-9pvm-77eh
53
vulnerability VCID-x93k-k3f7-y3hk
54
vulnerability VCID-xe2v-j69t-d3h3
55
vulnerability VCID-xu7c-vz69-duhp
56
vulnerability VCID-yq5x-4eyq-m7ba
57
vulnerability VCID-zc36-wq6m-4bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6
aliases CVE-2020-15839, GHSA-c7f6-4vx5-4263
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znfj-psyu-2uh7
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.14