liferay portal is vulnerable to XML external entity (XXE) attacks. A remote authenticated user is able to exploit the vulnerability to read arbitrary files via an entity declaration in conjunction with an entity reference.
CPE | Name | Operator | Version |
---|---|---|---|
liferay portal impl | le | 6.0.5 |