Description
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Remediation
References