Severity: Low
OverIT projects based on the same Geocall-Framework at level v. < 8, an authenticated user who has the “Test Trasformazione xsl” functionality enabled can exploit an XXE vulnerability to read arbitrary files from the filesystem. The vulnerability is triggered by sending a specific XSL tag inside the XML field.