Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@2.0.5
Typemaven
Namespacecom.liferay
Namecom.liferay.dynamic.data.mapping.form.field.type
Version2.0.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.187
Latest_non_vulnerable_version6.0.187
Affected_by_vulnerabilities
0
url VCID-4mr1-kemj-tbba
vulnerability_id VCID-4mr1-kemj-tbba
summary 
Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the forms, the files are stored in the document_library allowing an attacker to cause a potential DDoS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28884
published_at 2026-06-07T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.2892
published_at 2026-06-06T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.28956
published_at 2026-06-05T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.3034
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
3
reference_url https://liferay.atlassian.net/browse/LPE-18177
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18177
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
reference_id CVE-2025-43762
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T19:03:43Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
reference_id CVE-2025-43762
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
6
reference_url https://github.com/advisories/GHSA-84pp-qr92-95c9
reference_id GHSA-84pp-qr92-95c9
reference_type
scores
url https://github.com/advisories/GHSA-84pp-qr92-95c9
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.187
aliases CVE-2025-43762, GHSA-84pp-qr92-95c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mr1-kemj-tbba
1
url VCID-6zxu-xkcb-p7be
vulnerability_id VCID-6zxu-xkcb-p7be
summary 
Liferay Portal Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43800
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14024
published_at 2026-06-06T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13903
published_at 2026-06-08T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13987
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43800
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800
reference_id CVE-2025-43800
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T13:49:07Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43800
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43800
reference_id CVE-2025-43800
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43800
4
reference_url https://github.com/advisories/GHSA-jfv5-r382-xvwh
reference_id GHSA-jfv5-r382-xvwh
reference_type
scores
url https://github.com/advisories/GHSA-jfv5-r382-xvwh
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4mr1-kemj-tbba
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
aliases CVE-2025-43800, GHSA-jfv5-r382-xvwh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zxu-xkcb-p7be
2
url VCID-xa5h-2khm-efgj
vulnerability_id VCID-xa5h-2khm-efgj
summary 
Liferay Portal and Liferay DXP allows arbitrary injection via form field
Multiple cross-site scripting (XSS) vulnerabilities in Dynamic Data Mapping Form Field Type before 6.0.11 from Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26594
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49355
published_at 2026-06-07T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49372
published_at 2026-06-06T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49362
published_at 2026-06-05T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49325
published_at 2026-06-08T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49301
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26594
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/7c9348cc59271647cfd192c007d383d80ae9a667
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7c9348cc59271647cfd192c007d383d80ae9a667
3
reference_url https://liferay.atlassian.net/browse/LPE-17290
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17290
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text?p_r_p_assetEntryId=121612173&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612173%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text?p_r_p_assetEntryId=121612173&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612173%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26594
reference_id CVE-2022-26594
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26594
6
reference_url https://github.com/advisories/GHSA-658f-xhv4-p978
reference_id GHSA-658f-xhv4-p978
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-658f-xhv4-p978
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4mr1-kemj-tbba
1
vulnerability VCID-6zxu-xkcb-p7be
2
vulnerability VCID-xdw9-h42z-wyh4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.11
aliases CVE-2022-26594, GHSA-658f-xhv4-p978
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa5h-2khm-efgj
3
url VCID-xdw9-h42z-wyh4
vulnerability_id VCID-xdw9-h42z-wyh4
summary 
Liferay Portal vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a "Rich Text" type field to (1) a web content structure, (2) a Documents and Media Document Type , or (3) custom assets that uses the Data Engine's module Rich Text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43791
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14024
published_at 2026-06-06T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13903
published_at 2026-06-08T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13987
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43791
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43791
reference_id CVE-2025-43791
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T18:34:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43791
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43791
reference_id CVE-2025-43791
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43791
4
reference_url https://github.com/advisories/GHSA-5c6v-fqcw-w6q5
reference_id GHSA-5c6v-fqcw-w6q5
reference_type
scores
url https://github.com/advisories/GHSA-5c6v-fqcw-w6q5
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4mr1-kemj-tbba
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@6.0.167
aliases CVE-2025-43791, GHSA-5c6v-fqcw-w6q5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdw9-h42z-wyh4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.field.type@2.0.5