CVE-2017-2815
OpenFire User Import Export Plugin 2.6.0 is vulnerable to XML External Entity (XXE) injection (CVE-2017-2815). An authenticated attacker can send a crafted request to trigger XXE, enabling retrieval of arbitrary files or causing a Denial of Service. Affected component: OpenFire User Import Export...