Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.document.library.web@4.0.115

Type maven

Namespace com.liferay

Name com.liferay.document.library.web

Version 4.0.115

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.98

Latest_non_vulnerable_version 6.0.98

Affected_by_vulnerabilities

url VCID-ap9p-1am3-9ycn

vulnerability_id VCID-ap9p-1am3-9ycn

summary A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42113

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.419
published_at	2026-06-14T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41726
published_at	2026-06-11T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41891
published_at	2026-06-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4191
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42113

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/2e4d17dfe42bb3b12c96527943087cf7e4a7d57e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/2e4d17dfe42bb3b12c96527943087cf7e4a7d57e

reference_url

https://github.com/liferay/liferay-portal/commit/62797d3ada6545b12fbfb86dbb229ac9d491d2c2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/62797d3ada6545b12fbfb86dbb229ac9d491d2c2

reference_url

https://liferay.atlassian.net/browse/LPE-17615

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17615

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42113?p_r_p_assetEntryId=121613062&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613062%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113

reference_id

cve-2022-42113

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:41:39Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42113

reference_id

CVE-2022-42113

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42113

reference_url

https://web.archive.org/web/20221019040338/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113

reference_id

CVE-2022-42113

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20221019040338/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113

reference_url

https://github.com/advisories/GHSA-r32w-v775-5952

reference_id

GHSA-r32w-v775-5952

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r32w-v775-5952

reference_url

http://liferay.com

reference_id

liferay.com

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:41:39Z/

url

http://liferay.com

fixed_packages

url	pkg:maven/com.liferay/com.liferay.document.library.web@6.0.98
purl	pkg:maven/com.liferay/com.liferay.document.library.web@6.0.98
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.document.library.web@6.0.98

aliases CVE-2022-42113, GHSA-r32w-v775-5952

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap9p-1am3-9ycn

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.document.library.web@4.0.115

Package Instance