Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.portal.search.web@2.0.38

Type maven

Namespace com.liferay

Name com.liferay.portal.search.web

Version 2.0.38

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.45

Latest_non_vulnerable_version 6.0.143

Affected_by_vulnerabilities

url VCID-f9dw-g5c2-jba1

vulnerability_id VCID-f9dw-g5c2-jba1

summary

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A Cross-site scripting (XSS) vulnerability in the Portal Search module before 6.0.12 from Liferay Portal (7.1.0 through 7.4.2), and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.

references

reference_url

http://liferay.com

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/

url

http://liferay.com

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42118

reference_id

reference_type

scores

value	0.13205
scoring_system	epss
scoring_elements	0.94276
published_at	2026-06-05T12:55:00Z

value	0.13205
scoring_system	epss
scoring_elements	0.94279
published_at	2026-06-07T12:55:00Z

value	0.13205
scoring_system	epss
scoring_elements	0.94268
published_at	2026-06-04T12:55:00Z

value	0.13205
scoring_system	epss
scoring_elements	0.94277
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42118

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445

reference_url

https://issues.liferay.com/browse/LPE-17342

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/

url

https://issues.liferay.com/browse/LPE-17342

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42118?p_r_p_assetEntryId=121613298&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613298%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42118

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42118

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118

reference_id

cve-2022-42118

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118

reference_url

https://github.com/advisories/GHSA-mr77-4pm4-x9vm

reference_id

GHSA-mr77-4pm4-x9vm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mr77-4pm4-x9vm

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12

purl pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-menx-yu2z-xkeh

vulnerability	VCID-q23w-uet7-w7fz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12

aliases CVE-2022-42118, GHSA-mr77-4pm4-x9vm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9dw-g5c2-jba1

url VCID-menx-yu2z-xkeh

vulnerability_id VCID-menx-yu2z-xkeh

summary

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget before 6.0.45 from Liferay Portal (7.2.0 through 7.4.3.24), and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.

references

reference_url

http://liferay.com

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/

url

http://liferay.com

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42112

reference_id

reference_type

scores

value	0.00216
scoring_system	epss
scoring_elements	0.44194
published_at	2026-06-05T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44125
published_at	2026-06-04T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44176
published_at	2026-06-07T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44201
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42112

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1f6521605152c0f8f82f490300215f08f885fe48

reference_url

https://liferay.atlassian.net/browse/LPE-17536

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17536

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42112?p_r_p_assetEntryId=121612934&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612934%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42112

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42112

reference_url

https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220701000000*/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_id

cve-2022-42112

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-10T02:43:43Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112

reference_url

https://github.com/advisories/GHSA-7f7g-vhff-mjqj

reference_id

GHSA-7f7g-vhff-mjqj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7f7g-vhff-mjqj

fixed_packages

url	pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.45
purl	pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.45
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.45

aliases CVE-2022-42112, GHSA-7f7g-vhff-mjqj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-menx-yu2z-xkeh

url VCID-q23w-uet7-w7fz

vulnerability_id VCID-q23w-uet7-w7fz

summary

Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module
In Search Web before v6.0.19 in Liferay Portal (v7.1.0 through v7.4.2) and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.

references

reference_url

http://liferay.com

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/

url

http://liferay.com

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28979

reference_id

reference_type

scores

value	0.003
scoring_system	epss
scoring_elements	0.53707
published_at	2026-06-05T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53703
published_at	2026-06-07T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53648
published_at	2026-06-04T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53716
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28979

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/e18065248673c77927f4839439aa200bfb965ced

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e18065248673c77927f4839439aa200bfb965ced

reference_url

https://issues.liferay.com/browse/LPE-17381

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/

url

https://issues.liferay.com/browse/LPE-17381

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-28979-xss-in-custom-facet-widget?p_r_p_assetEntryId=121612377&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612377%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-28979

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-28979

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T19:59:49Z/

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget

reference_url

https://github.com/advisories/GHSA-7r3w-wggm-pjwf

reference_id

GHSA-7r3w-wggm-pjwf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7r3w-wggm-pjwf

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.19

purl pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-menx-yu2z-xkeh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.19

aliases CVE-2022-28979, GHSA-7r3w-wggm-pjwf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q23w-uet7-w7fz

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.search.web@2.0.38

Package Instance