XML External Entity (XXE) Injection in Independentsoft JODF API via Remote DTD in DOCX File

XML External Entity (XXE) Injection in Independentsoft JODF API via Remote DTD in DOCX File

CVE-2023-28150 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

Learn more about our Api Penetration Testing.