Description
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
Remediation
References
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46365-Unsafe%20XML%20Parsing-Magnolia%20CMS
Related Vulnerabilities
CVE-2018-1000169 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder
CVE-2021-45046 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-storage-script-dev-server