Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Remediation

References

CVE-2011-1503

Related Vulnerabilities

ownCloud Improper Input Validation Vulnerability (CVE-2012-5610)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40882)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44946)

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.2)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36107)

Severity

Low

Classification

CVE-2011-1503 CWE-200

Tags

Missing Update Known Vulnerabilities