{"url":"http://public2.vulnerablecode.io/api/packages/65222?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.0.0","type":"maven","namespace":"com.liferay.portal","name":"release.portal.bom","version":"7.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111769?format=json","vulnerability_id":"VCID-17tm-rzgk-qfas","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page\nCross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34942","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35038","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34999","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34978","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35015","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33328"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17100","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17100"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33328"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972"},{"reference_url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c","reference_id":"GHSA-vpvm-3wfw-5f5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpvm-3wfw-5f5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151059?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7f43-u96s-qyeq"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebmm-3qj1-8uec"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-fxtu-zgpf-cbhs"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-ykxs-jz2j-bqay"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.5"}],"aliases":["CVE-2021-33328","GHSA-vpvm-3wfw-5f5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17tm-rzgk-qfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110913?format=json","vulnerability_id":"VCID-1h16-mptk-gke7","summary":"Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password\nThe Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42502","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42586","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42575","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42533","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42524","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42559","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29043"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29043"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210517183617/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515"},{"reference_url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv","reference_id":"GHSA-xx2h-2hf5-v7vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx2h-2hf5-v7vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150185?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29043","GHSA-xx2h-2hf5-v7vv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1h16-mptk-gke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112176?format=json","vulnerability_id":"VCID-2dc6-guhs-juhy","summary":"Liferay Portal and Liferay DXP Fails to Properly Check User Permissions\nThe Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms \"Access in Site Administration\" permission to view all forms and form entries in a site via the forms section in site administration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23982","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23999","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23879","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23873","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2393","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33334"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17039","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17039"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33334"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748332"},{"reference_url":"https://github.com/advisories/GHSA-g37f-j8hh-736f","reference_id":"GHSA-g37f-j8hh-736f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g37f-j8hh-736f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520090?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2-1"}],"aliases":["CVE-2021-33334","GHSA-g37f-j8hh-736f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dc6-guhs-juhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111115?format=json","vulnerability_id":"VCID-c4kq-8dpb-bkc7","summary":"Liferay Portal and Liferay DXP Fails to Sanitize API Data\nLiferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48369","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48432","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48401","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48389","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48418","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13444"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13444"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396"},{"reference_url":"https://github.com/advisories/GHSA-8j5r-9687-88w5","reference_id":"GHSA-8j5r-9687-88w5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j5r-9687-88w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60881?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8fdv-x8z8-6bcf"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.2"}],"aliases":["CVE-2020-13444","GHSA-8j5r-9687-88w5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4kq-8dpb-bkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56369?format=json","vulnerability_id":"VCID-e5h2-wvws-3yhq","summary":"Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page\nCross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38743","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38754","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38795","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37940"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940","reference_id":"CVE-2023-37940","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37940"},{"reference_url":"https://github.com/advisories/GHSA-px38-239g-x5mg","reference_id":"GHSA-px38-239g-x5mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-px38-239g-x5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83576?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-3hm3-htje-akgd"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-5nq8-gsav-5ffq"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-brjh-tyur-ebc8"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-csnj-331s-43ea"},{"vulnerability":"VCID-d56y-s4zt-uyd7"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ej5y-geq1-pkfn"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mbd8-z3ry-cqap"},{"vulnerability":"VCID-mf9a-eusx-f3gb"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-rs2y-3c75-uycm"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-su57-hncy-5qg4"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xv4h-g41b-c7c7"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ynk1-3fye-bfcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88"}],"aliases":["CVE-2023-37940","GHSA-px38-239g-x5mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5h2-wvws-3yhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45262?format=json","vulnerability_id":"VCID-g2jp-ueyr-gkav","summary":"Insecure Default Initialization In Liferay Portal\nIn Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57055","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57037","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57195","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57187","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57183","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33949"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949","reference_id":"CVE-2023-33949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:48:38Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949","reference_id":"CVE-2023-33949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33949"},{"reference_url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7","reference_id":"GHSA-g9mr-9xfc-4gf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9mr-9xfc-4gf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65206?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yq5x-4eyq-m7ba"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1"}],"aliases":["CVE-2023-33949","GHSA-g9mr-9xfc-4gf7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2jp-ueyr-gkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111645?format=json","vulnerability_id":"VCID-gz3a-m337-s7dn","summary":"Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page\nCross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65169","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65174","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65168","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29044"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29044"},{"reference_url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210524195727/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548"},{"reference_url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr","reference_id":"GHSA-wcr5-3q96-c2gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcr5-3q96-c2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150185?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-37ph-hjq9-bufq"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-bg89-tyhn-sfc3"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.6"}],"aliases":["CVE-2021-29044","GHSA-wcr5-3q96-c2gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gz3a-m337-s7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110228?format=json","vulnerability_id":"VCID-k1u8-ur3y-zucd","summary":"Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL\nThe Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.","references":[{"reference_url":"http://liferay.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"http://liferay.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56107","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56115","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5606","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56112","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42132"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/4a53b64fb714c7ff989b99ddccc3de116095453d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/b6cff511119d71dea38f5485761730f4fb5d4430"},{"reference_url":"https://issues.liferay.com/browse/LPE-17438","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://issues.liferay.com/browse/LPE-17438"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42132?p_r_p_assetEntryId=121613918&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613918%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42132"},{"reference_url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20221020134303/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132","reference_id":"cve-2022-42132","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:17:39Z/"}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"},{"reference_url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg","reference_id":"GHSA-f43m-hhj4-q3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43m-hhj4-q3jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69030?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.5-ga5"},{"url":"http://public2.vulnerablecode.io/api/packages/609682?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1jgz-k7zp-uydp"},{"vulnerability":"VCID-27a1-teqk-cbe2"},{"vulnerability":"VCID-292m-hgvs-93ey"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2bcr-bxek-skfq"},{"vulnerability":"VCID-2dra-x6f5-xybz"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-434b-p73k-5fam"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4kym-jhtn-cfa3"},{"vulnerability":"VCID-4xqq-69ab-1qew"},{"vulnerability":"VCID-5732-ffyz-9fh5"},{"vulnerability":"VCID-5bex-xcub-3qhr"},{"vulnerability":"VCID-68yp-31d3-zbay"},{"vulnerability":"VCID-6yrk-8tj5-juhp"},{"vulnerability":"VCID-7tas-6nn4-9fhu"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b24q-c9nx-hkdy"},{"vulnerability":"VCID-by7b-2zr9-y3dj"},{"vulnerability":"VCID-ca62-h2qv-v7bg"},{"vulnerability":"VCID-ce9p-rwsz-zkf6"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-dt2w-w4vw-1yhe"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-evap-nt9g-akf6"},{"vulnerability":"VCID-g41m-xvk2-xfda"},{"vulnerability":"VCID-gaqh-vn1h-b3c1"},{"vulnerability":"VCID-ggmh-6ef8-7ufj"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gyge-7d5c-6uhz"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hvpx-y297-sbha"},{"vulnerability":"VCID-j3pc-gwg6-qfbs"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-ksvn-b6hv-hfa7"},{"vulnerability":"VCID-mgw3-28sj-juh7"},{"vulnerability":"VCID-msd2-mccp-z7cv"},{"vulnerability":"VCID-nhp5-61h7-ryf4"},{"vulnerability":"VCID-patg-tmcj-3qbh"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-pf71-p73a-xyda"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-qrgm-94me-83hz"},{"vulnerability":"VCID-qy5u-7m7g-4ben"},{"vulnerability":"VCID-r363-kggk-k3ds"},{"vulnerability":"VCID-rns1-e6pd-tkex"},{"vulnerability":"VCID-s86p-ew9a-rkgt"},{"vulnerability":"VCID-sw28-urg9-tqgd"},{"vulnerability":"VCID-tf5n-etq9-2bg1"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-v633-mycj-6uh6"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-w7z4-h1ug-z3cq"},{"vulnerability":"VCID-wpqk-8fd9-p3ex"},{"vulnerability":"VCID-wzj5-ba9k-q3at"},{"vulnerability":"VCID-xn1n-5rgc-83bg"},{"vulnerability":"VCID-y1wd-arvg-2ugt"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.6"}],"aliases":["CVE-2022-42132","GHSA-f43m-hhj4-q3jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1u8-ur3y-zucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112125?format=json","vulnerability_id":"VCID-yq5x-4eyq-m7ba","summary":"Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs\nOpen redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58218","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58219","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58202","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58217","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33331"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://issues.liferay.com/browse/LPE-17022","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33331"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627"},{"reference_url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8","reference_id":"GHSA-mj8w-h522-jwm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj8w-h522-jwm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520089?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17tm-rzgk-qfas"},{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-1h16-mptk-gke7"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-298n-mh47-3ygq"},{"vulnerability":"VCID-2dc6-guhs-juhy"},{"vulnerability":"VCID-2fn6-apud-qbh4"},{"vulnerability":"VCID-2mtb-mdha-qufv"},{"vulnerability":"VCID-38vz-usgx-g7dv"},{"vulnerability":"VCID-3nm8-13hg-myh4"},{"vulnerability":"VCID-4611-azkf-sffv"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-68kz-zfvf-7ucw"},{"vulnerability":"VCID-6q85-j656-wyeh"},{"vulnerability":"VCID-6yj4-11z6-pfhx"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-8xx2-vtnr-dubu"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-afe9-yqy2-8bdb"},{"vulnerability":"VCID-b1cb-4tud-jked"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-c4kq-8dpb-bkc7"},{"vulnerability":"VCID-cj4m-mvzh-ckh4"},{"vulnerability":"VCID-d7nb-6hvn-cueh"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-e5h2-wvws-3yhq"},{"vulnerability":"VCID-ebzh-bpks-5qe2"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-gv7c-qump-nyds"},{"vulnerability":"VCID-gz3a-m337-s7dn"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hhmu-vsj9-gudx"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k1u8-ur3y-zucd"},{"vulnerability":"VCID-k29y-9nww-cuh6"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-kjbx-n3pd-yba9"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p4nc-ucxy-sydb"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-pczz-39pz-37bb"},{"vulnerability":"VCID-pdbx-p4mr-97h4"},{"vulnerability":"VCID-qar1-pfr5-ekfm"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-t51p-askk-pfcx"},{"vulnerability":"VCID-turp-jxv8-1fgy"},{"vulnerability":"VCID-uv23-yfgk-87h9"},{"vulnerability":"VCID-vez2-knrw-ubbe"},{"vulnerability":"VCID-vrqa-ggse-wqhn"},{"vulnerability":"VCID-x7ny-9pvm-77eh"},{"vulnerability":"VCID-x93k-k3f7-y3hk"},{"vulnerability":"VCID-xuaz-p5q4-8beh"},{"vulnerability":"VCID-y8xm-g4zt-b7b5"},{"vulnerability":"VCID-ydhb-8z5m-v7fb"},{"vulnerability":"VCID-yump-6eg9-9yeq"},{"vulnerability":"VCID-zmf4-acz8-s3a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.3.1-1"}],"aliases":["CVE-2021-33331","GHSA-mj8w-h522-jwm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq5x-4eyq-m7ba"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.0.0"}