CVE-2021-42560
CALDERA 2.9.0 Debrief plugin accepts base64-encoded SVG parameters when generating PDFs. The SVGs are parsed unsafely, enabling XXE-style attacks that can lead to file exfiltration, server-side requests, or out-of-band exfiltration. No explicit exploit details or affected subversions beyond CALDE...