Gwestenberger

**Name of the Vulnerable Software and Affected Versions** Alkacon OpenCms versions 11.0 through 11.0.2 **Description** An XML external entity (XXE) issue allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. **Recommendations** For versions 11.0 through 11.0.2, update to a version that includes a fix for this issue to prevent file exfiltration. As a temporary workaround, consider restricting the upload of SVG documents or limiting edit privileges to trusted users until a patch is available.