Details
-
Bug
-
Status: Closed
-
Resolution: Duplicate
-
6.2.3 CE GA4
Description
The XSL Content portlet allows anyone who has permission to configure the portlet to specify any XML/XSL file. By creating the appropriate XML/XSL file, a user can access any file on the system, launch denial-of-service attacks and more.