CVE-2010-3260
CVE-2010-3260 affects Orbeon Forms (xforms-server) prior to version 3.9, where oxf/xml/xerces/XercesSAXParserFactoryImpl.java does not properly restrict DTDs in AJAX requests. This XML injection flaw allows remote attackers to read arbitrary files or trigger requests to intranet servers via an en...