CVE-2011-1503Sensitive Information Exposure in Portal

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.7%
top 28.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Liferay Portal
Timeline
PublishedMay 7
Latest updateMay 13

Description

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDliferay/liferay_portal5.1.05.1.2+2

🔴Vulnerability Details

2
GHSA
GHSA-w63j-vgrj-2p3w: The XSL Content portlet in Liferay Portal Community Edition (CE) 52022-05-13
CVEList
CVE-2011-1503: The XSL Content portlet in Liferay Portal Community Edition (CE) 52011-05-07
CVE-2011-1503 — Sensitive Information Exposure | cvebase