Description
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2003-1303)
WordPress Plugin Syndication Links Cross-Site Scripting (1.0.2)
WordPress Plugin Social Connect Cross-Site Scripting (1.0.4)
Microsoft SQL Server Other Vulnerability (CVE-2002-1145)
WordPress Plugin WP-Members Membership Multiple Cross-Site Scripting Vulnerabilities (2.8.9)