Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/com.liferay.portal.web@3.0.161

Type maven

Namespace com.liferay.portal

Name com.liferay.portal.web

Version 3.0.161

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.96

Latest_non_vulnerable_version 5.0.96

Affected_by_vulnerabilities

url VCID-uu4f-gvmj-7key

vulnerability_id VCID-uu4f-gvmj-7key

summary In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25610

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28249
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25610

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610

reference_id

cve-2024-25610

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T13:32:33Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25610

reference_id

CVE-2024-25610

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25610

reference_url

https://github.com/advisories/GHSA-vvpf-53qx-cxhh

reference_id

GHSA-vvpf-53qx-cxhh

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vvpf-53qx-cxhh

fixed_packages

url	pkg:maven/com.liferay.portal/com.liferay.portal.web@5.0.96
purl	pkg:maven/com.liferay.portal/com.liferay.portal.web@5.0.96
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.web@5.0.96

aliases CVE-2024-25610, GHSA-vvpf-53qx-cxhh

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uu4f-gvmj-7key

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.web@3.0.161

Package Instance