The Debrief plugin in Caldera (versions <=2.9.0) receives base64 encoded "SVG" parameters when generating a PDF. These SVG are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g. File Exfiltration, Server-Side Request Forgery, Out of Band Exfiltration, etc.).
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Valid user credentials
More details and the exploitation process can be found in this PDF.