WSO2 Carbon Event Publisher is vulnerable to XML External Entity. The vulnerability exists in event receiver and publisher configurations due to not enabling the secure processing feature for XML parsing which allows an attacker to cause parse malicious XML into the system.