Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.journal.content.web@4.0.28
Typemaven
Namespacecom.liferay
Namecom.liferay.journal.content.web
Version4.0.28
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.15
Latest_non_vulnerable_version5.0.15
Affected_by_vulnerabilities
0
url VCID-67kh-3nge-vfhg
vulnerability_id VCID-67kh-3nge-vfhg
summary 
Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page before 5.0.15 in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
references
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26596
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45868
published_at 2026-06-04T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45941
published_at 2026-06-06T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45937
published_at 2026-06-05T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45894
published_at 2026-06-08T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.4592
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26596
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/c61976fc867f3add8eb429b99380e91f021f9313
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c61976fc867f3add8eb429b99380e91f021f9313
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26596-stored-xss-with-template-name?p_r_p_assetEntryId=121612108&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612108%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26596-stored-xss-with-template-name?p_r_p_assetEntryId=121612108&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612108%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26596
reference_id CVE-2022-26596
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26596
6
reference_url https://github.com/advisories/GHSA-w7f2-6896-6mm2
reference_id GHSA-w7f2-6896-6mm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7f2-6896-6mm2
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.journal.content.web@5.0.15
purl pkg:maven/com.liferay/com.liferay.journal.content.web@5.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.journal.content.web@5.0.15
aliases CVE-2022-26596, GHSA-w7f2-6896-6mm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67kh-3nge-vfhg
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.journal.content.web@4.0.28