Description
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.1.9)
WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4)
PHP Improper Input Validation Vulnerability (CVE-2020-7071)
Internet Information Services Other Vulnerability (CVE-2002-0150)
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)