Opencms · Opencms · CVE-2026-38429
**Name of the Vulnerable Software and Affected Versions**
OpenCMS versions prior to 21
**Description**
The Admin Import DB feature is susceptible to XML External Entity (XXE) injection, a flaw in which an application processes XML input containing a reference to an external entity, potentially allowing unauthorized access to files or internal systems. The issue stems from insecure XML parsing of the `manifest.xml` file contained in user-supplied .zip files.
**Recommendations**
Update to a version later than v20.
As a temporary workaround, restrict the use of the Admin Import DB feature or avoid importing .zip files from untrusted sources.
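To support the workaround above, an archive can be screened before it reaches the import feature. The following is an added example, not OpenCms code and not part of the original advisory: it refuses any archive whose `manifest.xml` declares a DTD, since entities can only be declared there. The function names, the size cap, and matching `manifest.xml` at any depth in the archive are assumptions.

```python
import io
import posixpath
import zipfile
from xml.parsers import expat

MAX_MANIFEST_BYTES = 16 * 1024 * 1024  # assumed cap; adjust to your exports

class UnsafeManifest(Exception):
    """A manifest.xml carries a DTD, is malformed, oversized or missing."""

def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Any DOCTYPE is refused: entities can only be declared inside a DTD.
    raise UnsafeManifest(f"DOCTYPE declared for root {name!r}")

def check_manifest_xml(data: bytes) -> None:
    """Parse with expat (honours the XML encoding) and stop at the first DTD."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeManifest(f"not well-formed XML: {exc}") from exc

def screen_import_zip(zip_bytes: bytes) -> list:
    """Return the manifest paths that passed; raise UnsafeManifest otherwise."""
    checked = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Assumption: match manifest.xml at any depth, case-insensitively.
            if posixpath.basename(info.filename).lower() != "manifest.xml":
                continue
            if info.file_size > MAX_MANIFEST_BYTES:
                raise UnsafeManifest(f"{info.filename}: larger than the cap")
            check_manifest_xml(zf.read(info))
            checked.append(info.filename)
    if not checked:
        raise UnsafeManifest("archive has no manifest.xml")
    return checked

def make_zip(manifest: bytes) -> bytes:
    """Build a constructed one-file archive in memory for trying the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.xml", manifest)
    return buf.getvalue()

# Constructed samples, not a real OpenCms export.
CLEAN = b'<?xml version="1.0"?><export><info/></export>'
WITH_DTD = b'<!DOCTYPE export [<!ENTITY e "x">]><export>&e;</export>'
```

A screening step like this narrows exposure while the workaround is in place; it does not replace the update.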