AI Score
Confidence
Low
EPSS
Percentile
52.4%
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
issues.liferay.com/browse/LPS-13762
issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
openwall.com/lists/oss-security/2011/03/29/1
openwall.com/lists/oss-security/2011/04/08/5
openwall.com/lists/oss-security/2011/04/11/9