Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.72

Type maven

Namespace com.liferay

Name com.liferay.calendar.web

Version 5.0.72

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.88

Latest_non_vulnerable_version 5.0.88

Affected_by_vulnerabilities

url VCID-3hm3-htje-akgd

vulnerability_id VCID-3hm3-htje-akgd

summary

Liferay Portal vulnerable to cross-site scripting in the Calendar widget
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle text, or (3) Last Name text fields.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43820

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10079
published_at	2026-06-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10166
published_at	2026-06-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10198
published_at	2026-06-06T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10177
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43820

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820

reference_id

CVE-2025-43820

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:46:02Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43820

reference_id

CVE-2025-43820

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43820

reference_url

https://github.com/advisories/GHSA-pf86-4w35-cj89

reference_id

GHSA-pf86-4w35-cj89

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pf86-4w35-cj89

fixed_packages

url	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
purl	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88

aliases CVE-2025-43820, GHSA-pf86-4w35-cj89

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hm3-htje-akgd

url VCID-dx8s-h424-efbz

vulnerability_id VCID-dx8s-h424-efbz

summary

Liferay Portal is vulnerable to XSS through its Calendar Events parameters
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name or (3) Last Name text field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62240

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09184
published_at	2026-06-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09243
published_at	2026-06-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09263
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09244
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62240

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/961b569fbd9207c728a93d962e989dbc062f6fb6

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/961b569fbd9207c728a93d962e989dbc062f6fb6

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62240

reference_id

CVE-2025-62240

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:26:06Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62240

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62240

reference_id

CVE-2025-62240

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62240

reference_url

https://github.com/advisories/GHSA-5264-m964-7pg9

reference_id

GHSA-5264-m964-7pg9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5264-m964-7pg9

fixed_packages

url	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
purl	pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.88

aliases CVE-2025-62240, GHSA-5264-m964-7pg9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx8s-h424-efbz

url VCID-fg6h-28cu-17c5

vulnerability_id VCID-fg6h-28cu-17c5

summary

Liferay Portal vulnerable to cross-site scripting in the Calendar widget
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Calendar's “Name” text field

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43818

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10079
published_at	2026-06-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10166
published_at	2026-06-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10198
published_at	2026-06-06T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10177
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43818

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ed066f19934a721a7f9b567db097e04cf4adbdae

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ed066f19934a721a7f9b567db097e04cf4adbdae

reference_url

https://github.com/liferay/liferay-portal/commit/ff1d01a6bd2898e827b1efdf723ef24f7f2bb1bf

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ff1d01a6bd2898e827b1efdf723ef24f7f2bb1bf

reference_url

https://liferay.atlassian.net/browse/LPE-17911

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17911

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43818

reference_id

CVE-2025-43818

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:46:15Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43818

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43818

reference_id

CVE-2025-43818

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43818

reference_url

https://github.com/advisories/GHSA-gj92-p9mh-83j8

reference_id

GHSA-gj92-p9mh-83j8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gj92-p9mh-83j8

fixed_packages

url pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

purl pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-dx8s-h424-efbz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.87

aliases CVE-2025-43818, GHSA-gj92-p9mh-83j8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fg6h-28cu-17c5

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.calendar.web@5.0.72

Package Instance