EPSS
Percentile
61.3%
Fess is vulnerable to XML external entity injection (XXE). The library does not prevent the GSA XML file parser from processing the malicious GSA XML files injected by the attacker.
0dd.zone/2018/10/27/fess-XXE/
github.com/codelibs/fess/issues/1851