Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.commerce/com.liferay.commerce.product.service@6.0.18

Type maven

Namespace com.liferay.commerce

Name com.liferay.commerce.product.service

Version 6.0.18

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.134

Latest_non_vulnerable_version 6.0.134

Affected_by_vulnerabilities

url VCID-1ppd-egv1-7yh9

vulnerability_id VCID-1ppd-egv1-7yh9

summary

Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field
Cross-site Scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43821

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09263
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09214
published_at	2026-06-09T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09184
published_at	2026-06-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09243
published_at	2026-06-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09244
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43821

reference_url

https://github.com/liferay/com-liferay-commerce

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/com-liferay-commerce

reference_url

https://github.com/liferay/liferay-portal/commit/433f82c03fac10167f1f811efb482d6010bac6db

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/433f82c03fac10167f1f811efb482d6010bac6db

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43821

reference_id

CVE-2025-43821

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:08:44Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43821

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43821

reference_id

CVE-2025-43821

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43821

reference_url

https://github.com/advisories/GHSA-fjrp-77f3-43xj

reference_id

GHSA-fjrp-77f3-43xj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fjrp-77f3-43xj

fixed_packages

url	pkg:maven/com.liferay.commerce/com.liferay.commerce.product.service@6.0.134
purl	pkg:maven/com.liferay.commerce/com.liferay.commerce.product.service@6.0.134
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.commerce/com.liferay.commerce.product.service@6.0.134

aliases CVE-2025-43821, GHSA-fjrp-77f3-43xj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ppd-egv1-7yh9

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.commerce/com.liferay.commerce.product.service@6.0.18

Package Instance