The remote web server hosts a web application that is vulnerable to multiple attack vectors.
The remote web server hosts Liferay Portal, a web portal for building business solutions. Versions of Liferay Portal earlier than 6.0.6 are potentially affected by multiple vulnerabilities : - An unspecified command execution vulnerability exists in the portlet 'XSL content'. (LPS-14726) - An arbitrary file disclosure vulnerability exists in XXE. (LPS-14927) - It is possible to read arbitrary XSL and XML files on the remote host via the 'file: ///' path. (LPS-13762) - An unspecified cross-site scripting vulnerability may exist. (LPS-11506) - A cross-site scripting vulnerability exists in message board search. (LPS-12628)