Security analyst Stephan Sekula discovered an XML External Entity (XXE) vulnerability in ACTICO Workplace, which allows an attacker to read arbitrary files on the system.