CVE-2022-22835: OverIT Geocall v. < 8.0 – XXE

Severity: Low

In OverIT projects based on the same Geocall framework at version < 8, an authenticated user who has the “Test Trasformazione xsl” functionality enabled can exploit an XXE vulnerability to read arbitrary files from the filesystem. The vulnerability is triggered by sending a specific XSL tag inside the XML field.
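
One way to screen input before it reaches an XSL test function like the one described above, shown as an added example (not OverIT's code and not part of the advisory). The advisory does not name the tag involved, so this gate goes beyond that single case: it rejects any DTD and the XSLT constructs that load external resources. The function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
# XSLT elements that make the processor fetch another resource by URI.
EXTERNAL_LOADERS = {"import", "include"}

class UnsafeXml(ValueError):
    """A submitted document uses a construct this gate forbids."""

def check_submission(data: bytes) -> None:
    """Parse with expat (nothing is resolved) and raise UnsafeXml on risk."""
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entities can only be declared in a DTD, so refusing DOCTYPE
        # refuses internal and external entity declarations as well.
        raise UnsafeXml("DOCTYPE declaration not allowed")

    def on_start(name, attrs):
        ns, _, local = name.rpartition(" ")
        if ns == XSLT_NS and local in EXTERNAL_LOADERS:
            raise UnsafeXml(f"xsl:{local} not allowed")
        for value in attrs.values():
            # Conservative substring match: XPath document() loads a URI.
            if "document(" in value.replace(" ", ""):
                raise UnsafeXml("document() call not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXml(f"not well-formed: {exc}") from exc

def is_safe(data: bytes) -> bool:
    try:
        check_submission(data)
        return True
    except UnsafeXml:
        return False

# Constructed sample inputs (placeholders, not taken from the advisory).
HEAD = b'<xsl:stylesheet version="1.0" xmlns:xsl="' + XSLT_NS.encode() + b'">'
BENIGN_XSL = HEAD + b'<xsl:template match="/"><o/></xsl:template></xsl:stylesheet>'
INCLUDE_XSL = HEAD + b'<xsl:include href="placeholder.xsl"/></xsl:stylesheet>'
DOCUMENT_XSL = HEAD + b"<xsl:template match='/'><xsl:copy-of select=\"document('placeholder.xml')\"/></xsl:template></xsl:stylesheet>"
DTD_XML = b'<!DOCTYPE a [<!ENTITY e SYSTEM "placeholder.txt">]><a>&e;</a>'
```

A gate like this complements, rather than replaces, disabling DTD and external resource access in the XML parser and XSLT processor that perform the transformation.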