0.002 Low
EPSS
Percentile
57.7%
Fess is vulnerable to XML external entity injection (XXE). The library does not prevent the GSA XML file parser from processing the malicious GSA XML files injected by the attacker.
0dd.zone/2018/10/27/fess-XXE/
github.com/codelibs/fess/issues/1851