Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35-ga35
Typemaven
Namespacecom.liferay.portal
Namerelease.portal.bom
Version7.4.3.35-ga35
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3hm3-htje-akgd
vulnerability_id VCID-3hm3-htje-akgd
summary 
Liferay Portal vulnerable to cross-site scripting in the Calendar widget
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle text, or (3) Last Name text fields.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43820
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10079
published_at 2026-06-08T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10198
published_at 2026-06-06T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10177
published_at 2026-06-05T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10112
published_at 2026-06-09T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.10166
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43820
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820
reference_id CVE-2025-43820
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:46:02Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43820
reference_id CVE-2025-43820
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43820
4
reference_url https://github.com/advisories/GHSA-pf86-4w35-cj89
reference_id GHSA-pf86-4w35-cj89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf86-4w35-cj89
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11qf-d5xp-4fey
1
vulnerability VCID-su57-hncy-5qg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11qf-d5xp-4fey
1
vulnerability VCID-1jgz-k7zp-uydp
2
vulnerability VCID-27a1-teqk-cbe2
3
vulnerability VCID-2bcr-bxek-skfq
4
vulnerability VCID-2dra-x6f5-xybz
5
vulnerability VCID-2mtb-mdha-qufv
6
vulnerability VCID-434b-p73k-5fam
7
vulnerability VCID-4kym-jhtn-cfa3
8
vulnerability VCID-4xqq-69ab-1qew
9
vulnerability VCID-5732-ffyz-9fh5
10
vulnerability VCID-8xx2-vtnr-dubu
11
vulnerability VCID-brjh-tyur-ebc8
12
vulnerability VCID-by7b-2zr9-y3dj
13
vulnerability VCID-ca62-h2qv-v7bg
14
vulnerability VCID-ce9p-rwsz-zkf6
15
vulnerability VCID-csnj-331s-43ea
16
vulnerability VCID-d56y-s4zt-uyd7
17
vulnerability VCID-ebzh-bpks-5qe2
18
vulnerability VCID-evap-nt9g-akf6
19
vulnerability VCID-g41m-xvk2-xfda
20
vulnerability VCID-ggmh-6ef8-7ufj
21
vulnerability VCID-gyge-7d5c-6uhz
22
vulnerability VCID-j3pc-gwg6-qfbs
23
vulnerability VCID-ksvn-b6hv-hfa7
24
vulnerability VCID-nhp5-61h7-ryf4
25
vulnerability VCID-qy5u-7m7g-4ben
26
vulnerability VCID-r363-kggk-k3ds
27
vulnerability VCID-rns1-e6pd-tkex
28
vulnerability VCID-s86p-ew9a-rkgt
29
vulnerability VCID-su57-hncy-5qg4
30
vulnerability VCID-sw28-urg9-tqgd
31
vulnerability VCID-w7z4-h1ug-z3cq
32
vulnerability VCID-wpqk-8fd9-p3ex
33
vulnerability VCID-ynk1-3fye-bfcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-43820, GHSA-pf86-4w35-cj89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hm3-htje-akgd
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.35-ga35