CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-1503
https://notcve.org/view.php?id=CVE-2011-1503
07 May 2011 — The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a 6.0.6 GA, cuando Apache Tomcat o Oracle GlassFish es usado, permite a usuarios remotos autenticados leer ficheros (1) XSL y (2) XML mediante la URL file:/// • http://issues.liferay.com/browse/LPS-13762 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 2CVE-2011-1571 – Liferay XSL - Command Execution
https://notcve.org/view.php?id=CVE-2011-1571
07 May 2011 — Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores desconocidos. • https://www.exploit-db.com/exploits/18715 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3742
https://notcve.org/view.php?id=CVE-2009-3742
07 Jan 2010 — Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Liferay Portal anterior a v5.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro p_p_id • http://issues.liferay.com/browse/LPS-6034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •