An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
The vendor's disclosure and fix for this vulnerability can be found here.
This vulnerability requires:
- Valid user credentials
More details and the exploitation process can be found in this PDF.