Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.journal.web@5.0.34
Typemaven
Namespacecom.liferay
Namecom.liferay.journal.web
Version5.0.34
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.161
Latest_non_vulnerable_version5.0.161
Affected_by_vulnerabilities
0
url VCID-11qf-d5xp-4fey
vulnerability_id VCID-11qf-d5xp-4fey
summary 
Liferay Portal vulnerable to cross-site scripting in the web content template
Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://github.com/liferay/liferay-portal/commit/7466c9ba0126a4a93c85913cbec9b11c687deb36
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/7466c9ba0126a4a93c85913cbec9b11c687deb36
2
reference_url https://liferay.atlassian.net/browse/LPE-17942
reference_id
reference_type
scores
url https://liferay.atlassian.net/browse/LPE-17942
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43812
reference_id CVE-2025-43812
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43812
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43812
reference_id CVE-2025-43812
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-43812
5
reference_url https://github.com/advisories/GHSA-jv8x-mm3v-75r7
reference_id GHSA-jv8x-mm3v-75r7
reference_type
scores
url https://github.com/advisories/GHSA-jv8x-mm3v-75r7
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.journal.web@5.0.161
purl pkg:maven/com.liferay/com.liferay.journal.web@5.0.161
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.journal.web@5.0.161
aliases CVE-2025-43812, GHSA-jv8x-mm3v-75r7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11qf-d5xp-4fey
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.journal.web@5.0.34