XML External Entity (XXE) Injection
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to XML External Entity XXE Injection via importDocumenttype.aspx.cs. Exploiting this vulnerability allows the attacker to obtain sensitive information by reading files on the server or sending TCP request...