CST-7137 SSRF vulnerability via XSLT

Description

Liferay Portal 7.1 CE GA4 and possibly earlier unsupported versions, is vulnerable to server side request forgery (SSRF) via XSLT as used in Web Content templates and the XSL Content widget.

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 25 Jun 2019 22:36:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.