XML External Entity (XXE)
liferay portal vulnerable to XML External Entity XXE. The vulnerability is due toJava2WsddTask.format method, which allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources...