The XSL Content portlet allows anyone who has permission to configure the portlet to specify any XML/XSL file. By creating the appropriate XML/XSL file, a user can access any file on the system, launch denial-of-service attacks and more.
XSL Content portlet can be configured with any XML/XSL
- Assignee:
-
Samuel Kong
- Reporter:
-
Samuel Kong
- Participants of an Issue:
- Recent user:
- Esther Sanz
- Votes:
-
0 Vote for this issue
- Watchers:
-
0 Start watching this issue