Improper Restriction of XML External Entity Reference
The fess package contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
Advisories for Maven/Org.codelibs.fess/Fess package
2018