Liferay portal is vulnerable to directory traversal.XSL content portlet paths for XSL and XML content is not validated and allows a remote attacker to retrieve system files by submitting file:///
in the URL.
CPE | Name | Operator | Version |
---|---|---|---|
liferay portal impl | le | 6.0.5 |