Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.frontend.js.web@2.0.18
Type maven
Namespace com.liferay
Name com.liferay.frontend.js.web
Version 2.0.18
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.0.125
Latest_non_vulnerable_version 5.0.125
Affected_by_vulnerabilities
0
url VCID-mph8-zzjv-67av
vulnerability_id VCID-mph8-zzjv-67av
summary
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_liferay_blogs_web_portlet_BlogsAdminPortlet_subtitle parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39077
published_at 2026-06-04T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39171
published_at 2026-06-06T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39165
published_at 2026-06-05T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39127
published_at 2026-06-09T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39115
published_at 2026-06-08T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39143
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38267
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c3ad74d0664072c43da4d30a1d19be8cec3aa8bc
3
reference_url https://liferay.atlassian.net/browse/LPE-17212
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17212
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry?p_r_p_assetEntryId=121611935&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611935%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
reference_id CVE-2021-38267
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38267
6
reference_url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
reference_id GHSA-r39x-3qq4-gxmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39x-3qq4-gxmr
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
purl pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qfkk-bzxs-87fz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.0
aliases CVE-2021-38267, GHSA-r39x-3qq4-gxmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mph8-zzjv-67av
1
url VCID-qfkk-bzxs-87fz
vulnerability_id VCID-qfkk-bzxs-87fz
summary
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43758
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32008
published_at 2026-06-06T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.31971
published_at 2026-06-07T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.32039
published_at 2026-06-05T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.3396
published_at 2026-06-08T12:55:00Z
4
value 0.00141
scoring_system epss
scoring_elements 0.33982
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43758
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/bf036898c413b6733918f4bfeba59896f1abb34a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/bf036898c413b6733918f4bfeba59896f1abb34a
3
reference_url https://github.com/liferay/liferay-portal/commit/ff4efcb59b6b9acf548d37787b8d4b3d1126fff8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ff4efcb59b6b9acf548d37787b8d4b3d1126fff8
4
reference_url https://liferay.atlassian.net/browse/LPE-18186
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18186
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43758
reference_id CVE-2025-43758
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T18:48:54Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43758
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43758
reference_id CVE-2025-43758
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43758
7
reference_url https://github.com/advisories/GHSA-mm62-gwj5-j285
reference_id GHSA-mm62-gwj5-j285
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm62-gwj5-j285
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
purl pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@5.0.125
aliases CVE-2025-43758, GHSA-mm62-gwj5-j285
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfkk-bzxs-87fz
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.frontend.js.web@2.0.18