Description
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin post highlights 'ph_settings.php' SQL Injection (2.2)
WordPress Plugin File Manager Directory Traversal (7.2.5)
MySQL CVE-2022-39400 Vulnerability (CVE-2022-39400)
OpenSSL Other Vulnerability (CVE-2015-0209)
WordPress Plugin Advance Search for WooCommerce Cross-Site Scripting (1.0.9)