An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.
https://www.visual-planning.com/en/support-portal/updates
https://www.schutzwerk.com/blog/schutzwerk-sa-2023-006/
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-006.txt