Hippo CMS version 10.1 suffers from an XML External Entity information disclosure vulnerability.