Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Remediation

References

CVE-2011-1503

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.13.59)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8976)

PostgreSQL Other Vulnerability (CVE-2003-0901)

WordPress Plugin AdWizz 'link' Parameter Cross-Site Scripting (1.0)

Oracle Database Server CVE-2014-6452 Vulnerability (CVE-2014-6452)

Severity

Low

Classification

CVE-2011-1503 CWE-200

Tags

Missing Update Known Vulnerabilities