Description
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Remediation
References
https://docs.craftercms.org/en/3.0/security/advisory.html
http://crafter.com
Related Vulnerabilities
CVE-2015-8858 Vulnerability in maven package org.webjars.npm:uglify-js
CVE-2022-42890 Vulnerability in maven package org.apache.xmlgraphics:batik-script
CVE-2019-10077 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2023-33937 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.web
CVE-2019-0224 Vulnerability in maven package org.apache.jspwiki:jspwiki-builder