CVE-2024-58335

Summary

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.

Affected Software

VendorProductVersion RangeStatus
jcthieleOpenXRechnungToolbox0 < 6c50e8979924b09f336c976cbad3a9ebfe25ebf9affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References