Description
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
Remediation
References
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46365-Unsafe%20XML%20Parsing-Magnolia%20CMS
Related Vulnerabilities
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-nar-bundles
CVE-2022-23302 Vulnerability in maven package log4j:log4j
CVE-2020-13934 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-21810 Vulnerability in npm package smartctl
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration