The vulnerability in this article has been corrected in the Liferay's current, latest version. We consider it extremely important to keep the used system up-to-date. The following article shows an example of a vulnerability in an outdated Liferay version.
If you are logged in to a vulnerable system, then you are only one click away from getting your session stolen. Just a question: have you clicked a shortened url recently?
Level of security risk: Medium
An attacker could act in the name of an other user and with the given user’s privileges.
Proof of concept:
Open the following link in Firefox: