An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7.0.1p02 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML…Read More