Microsoft · Blogengine.Net · CVE-2018-14485
**Name of the Vulnerable Software and Affected Versions**
BlogEngine.NET version 3.3
**Description**
The issue allows XXE attacks through the POST body to the "metaweblog.axd" endpoint.
**Recommendations**
For BlogEngine.NET version 3.3, consider restricting access to the metaweblog.axd endpoint until a patch is available.