The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information.
This issue affects GMS: 9.3.4 and earlier versions.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.