Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vfwm-mr49-47dc
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Aliases
0
alias CVE-2023-33942
1
alias GHSA-wv99-wmpf-jrqr
Fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.51
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11qf-d5xp-4fey
1
vulnerability VCID-1jgz-k7zp-uydp
2
vulnerability VCID-27a1-teqk-cbe2
3
vulnerability VCID-292m-hgvs-93ey
4
vulnerability VCID-2bcr-bxek-skfq
5
vulnerability VCID-2dra-x6f5-xybz
6
vulnerability VCID-2mtb-mdha-qufv
7
vulnerability VCID-3hm3-htje-akgd
8
vulnerability VCID-434b-p73k-5fam
9
vulnerability VCID-4kym-jhtn-cfa3
10
vulnerability VCID-4xqq-69ab-1qew
11
vulnerability VCID-5732-ffyz-9fh5
12
vulnerability VCID-5bex-xcub-3qhr
13
vulnerability VCID-5nq8-gsav-5ffq
14
vulnerability VCID-68yp-31d3-zbay
15
vulnerability VCID-6yrk-8tj5-juhp
16
vulnerability VCID-8xx2-vtnr-dubu
17
vulnerability VCID-b24q-c9nx-hkdy
18
vulnerability VCID-brjh-tyur-ebc8
19
vulnerability VCID-by7b-2zr9-y3dj
20
vulnerability VCID-ca62-h2qv-v7bg
21
vulnerability VCID-ce9p-rwsz-zkf6
22
vulnerability VCID-d56y-s4zt-uyd7
23
vulnerability VCID-dvp1-5vf5-qfg9
24
vulnerability VCID-e5h2-wvws-3yhq
25
vulnerability VCID-ebzh-bpks-5qe2
26
vulnerability VCID-ej5y-geq1-pkfn
27
vulnerability VCID-evap-nt9g-akf6
28
vulnerability VCID-g41m-xvk2-xfda
29
vulnerability VCID-gaqh-vn1h-b3c1
30
vulnerability VCID-ggmh-6ef8-7ufj
31
vulnerability VCID-gyge-7d5c-6uhz
32
vulnerability VCID-hvpx-y297-sbha
33
vulnerability VCID-j3pc-gwg6-qfbs
34
vulnerability VCID-ksvn-b6hv-hfa7
35
vulnerability VCID-mbd8-z3ry-cqap
36
vulnerability VCID-mf9a-eusx-f3gb
37
vulnerability VCID-nhp5-61h7-ryf4
38
vulnerability VCID-patg-tmcj-3qbh
39
vulnerability VCID-pf71-p73a-xyda
40
vulnerability VCID-qy5u-7m7g-4ben
41
vulnerability VCID-r363-kggk-k3ds
42
vulnerability VCID-rns1-e6pd-tkex
43
vulnerability VCID-s86p-ew9a-rkgt
44
vulnerability VCID-sw28-urg9-tqgd
45
vulnerability VCID-tf5n-etq9-2bg1
46
vulnerability VCID-turp-jxv8-1fgy
47
vulnerability VCID-uun9-ctyg-k3d9
48
vulnerability VCID-w7z4-h1ug-z3cq
49
vulnerability VCID-wpqk-8fd9-p3ex
50
vulnerability VCID-xn1n-5rgc-83bg
51
vulnerability VCID-xn3y-rrkc-7bcz
52
vulnerability VCID-y1wd-arvg-2ugt
53
vulnerability VCID-ynk1-3fye-bfcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.51
Affected_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.50
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11qf-d5xp-4fey
1
vulnerability VCID-1jgz-k7zp-uydp
2
vulnerability VCID-27a1-teqk-cbe2
3
vulnerability VCID-292m-hgvs-93ey
4
vulnerability VCID-2bcr-bxek-skfq
5
vulnerability VCID-2dra-x6f5-xybz
6
vulnerability VCID-2mtb-mdha-qufv
7
vulnerability VCID-3hm3-htje-akgd
8
vulnerability VCID-434b-p73k-5fam
9
vulnerability VCID-4kym-jhtn-cfa3
10
vulnerability VCID-4xqq-69ab-1qew
11
vulnerability VCID-5732-ffyz-9fh5
12
vulnerability VCID-5bex-xcub-3qhr
13
vulnerability VCID-5nq8-gsav-5ffq
14
vulnerability VCID-68yp-31d3-zbay
15
vulnerability VCID-6yrk-8tj5-juhp
16
vulnerability VCID-8xx2-vtnr-dubu
17
vulnerability VCID-b24q-c9nx-hkdy
18
vulnerability VCID-brjh-tyur-ebc8
19
vulnerability VCID-by7b-2zr9-y3dj
20
vulnerability VCID-ca62-h2qv-v7bg
21
vulnerability VCID-ce9p-rwsz-zkf6
22
vulnerability VCID-d56y-s4zt-uyd7
23
vulnerability VCID-dvp1-5vf5-qfg9
24
vulnerability VCID-e5h2-wvws-3yhq
25
vulnerability VCID-ebzh-bpks-5qe2
26
vulnerability VCID-ej5y-geq1-pkfn
27
vulnerability VCID-evap-nt9g-akf6
28
vulnerability VCID-g41m-xvk2-xfda
29
vulnerability VCID-gaqh-vn1h-b3c1
30
vulnerability VCID-ggmh-6ef8-7ufj
31
vulnerability VCID-gyge-7d5c-6uhz
32
vulnerability VCID-hvpx-y297-sbha
33
vulnerability VCID-j3pc-gwg6-qfbs
34
vulnerability VCID-ksvn-b6hv-hfa7
35
vulnerability VCID-mbd8-z3ry-cqap
36
vulnerability VCID-mf9a-eusx-f3gb
37
vulnerability VCID-nhp5-61h7-ryf4
38
vulnerability VCID-patg-tmcj-3qbh
39
vulnerability VCID-pf71-p73a-xyda
40
vulnerability VCID-qy5u-7m7g-4ben
41
vulnerability VCID-r363-kggk-k3ds
42
vulnerability VCID-rns1-e6pd-tkex
43
vulnerability VCID-s86p-ew9a-rkgt
44
vulnerability VCID-sw28-urg9-tqgd
45
vulnerability VCID-tf5n-etq9-2bg1
46
vulnerability VCID-turp-jxv8-1fgy
47
vulnerability VCID-uun9-ctyg-k3d9
48
vulnerability VCID-vfwm-mr49-47dc
49
vulnerability VCID-w7z4-h1ug-z3cq
50
vulnerability VCID-wpqk-8fd9-p3ex
51
vulnerability VCID-xn1n-5rgc-83bg
52
vulnerability VCID-xn3y-rrkc-7bcz
53
vulnerability VCID-y1wd-arvg-2ugt
54
vulnerability VCID-ynk1-3fye-bfcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.50
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33942
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53255
published_at 2026-06-05T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53246
published_at 2026-06-07T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53263
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33942
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
reference_id CVE-2023-33942
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:47:21Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33942
reference_id CVE-2023-33942
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33942
4
reference_url https://github.com/advisories/GHSA-wv99-wmpf-jrqr
reference_id GHSA-wv99-wmpf-jrqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wv99-wmpf-jrqr
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vfwm-mr49-47dc