Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1503)

Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Remediation

References

CVE-2011-1503

Related Vulnerabilities

XOOPS Other Vulnerability (CVE-2007-0377)

WordPress Plugin Mass Delete Unused Tags Cross-Site Request Forgery (2.0.0)

WordPress Plugin WP to Twitter Cross-Site Request Forgery (3.2.9)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2231)

OpenSSL Improper Input Validation Vulnerability (CVE-2013-4353)

Severity

Low

Classification

CVE-2011-1503 CWE-200