Description
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Scripting (3.4.8.2)
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)
Jenkins Improper Input Validation Vulnerability (CVE-2015-1808)
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.7.38)