CST-7137 SSRF vulnerability via XSLT

Description

Liferay Portal 7.1 CE GA4 and possibly earlier unsupported versions, is vulnerable to server side request forgery (SSRF) via XSLT as used in Web Content templates and the XSL Content widget.

Severity

Severity 2

Fixed Version(s)

March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.

Publication date: Tue, 25 Jun 2019 22:36:00 +0000

Community

Company

Feedback

Known Vulnerabilities

Releases

Description

Severity

Fixed Version(s)