Description
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31548)
WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)
Jboss EAP Other Vulnerability (CVE-2014-3490)
WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)