CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
Date published : 2018-05-15
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316