Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.74-ga74
Type maven
Namespace com.liferay.portal
Name release.portal.bom
Version 7.4.3.74-ga74
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-su57-hncy-5qg4
vulnerability_id VCID-su57-hncy-5qg4
summary
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43817
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10079
published_at 2026-06-08T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10166
published_at 2026-06-07T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10198
published_at 2026-06-06T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10177
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43817
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/40b9dcafccff4b0ba2a20ef4c9723bea820f814b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/40b9dcafccff4b0ba2a20ef4c9723bea820f814b
3
reference_url https://liferay.atlassian.net/browse/LPE-17902
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17902
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43817
reference_id CVE-2025-43817
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:14:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43817
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43817
reference_id CVE-2025-43817
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43817
6
reference_url https://github.com/advisories/GHSA-m4hg-46pw-6mmv
reference_id GHSA-m4hg-46pw-6mmv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4hg-46pw-6mmv
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27a1-teqk-cbe2
1
vulnerability VCID-2bcr-bxek-skfq
2
vulnerability VCID-2dra-x6f5-xybz
3
vulnerability VCID-2mtb-mdha-qufv
4
vulnerability VCID-434b-p73k-5fam
5
vulnerability VCID-4kym-jhtn-cfa3
6
vulnerability VCID-4xqq-69ab-1qew
7
vulnerability VCID-8xx2-vtnr-dubu
8
vulnerability VCID-brjh-tyur-ebc8
9
vulnerability VCID-by7b-2zr9-y3dj
10
vulnerability VCID-ca62-h2qv-v7bg
11
vulnerability VCID-csnj-331s-43ea
12
vulnerability VCID-ebzh-bpks-5qe2
13
vulnerability VCID-evap-nt9g-akf6
14
vulnerability VCID-g41m-xvk2-xfda
15
vulnerability VCID-ggmh-6ef8-7ufj
16
vulnerability VCID-gyge-7d5c-6uhz
17
vulnerability VCID-j3pc-gwg6-qfbs
18
vulnerability VCID-ksvn-b6hv-hfa7
19
vulnerability VCID-nhp5-61h7-ryf4
20
vulnerability VCID-rns1-e6pd-tkex
21
vulnerability VCID-s86p-ew9a-rkgt
22
vulnerability VCID-sw28-urg9-tqgd
23
vulnerability VCID-w7z4-h1ug-z3cq
24
vulnerability VCID-wpqk-8fd9-p3ex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43817, GHSA-m4hg-46pw-6mmv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su57-hncy-5qg4
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.74-ga74