Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Remediation

References

CVE-2011-1503

Related Vulnerabilities

Liferay DXP CVE-2022-42126 Vulnerability (CVE-2022-42126)

WordPress Plugin About Me Page Cross-Site Scripting (4.0)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

WordPress Plugin aoringo TAG upper Cross-Site Scripting (0.1.6)

WordPress Plugin WP Job Manager PHP Object Injection (1.29.2)

Severity

Low

Classification

CVE-2011-1503 CWE-200

Tags

Missing Update Known Vulnerabilities