CVE-2011-1503
published 2011-05-07CVE-2011-1503: The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote…
low3.5CVSS 3.1
AVNACMAuSCPINAN
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | liferay_portal | 5.1.0 – 5.1.2 | — |
| liferay | liferay_portal | 5.2.0 – 5.2.3 | — |
| liferay | liferay_portal | 6.0.0 – 6.0.5 | — |