An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
References
Link | Resource |
---|---|
https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-28152 | |
https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152 | Third Party Advisory |
https://www.independentsoft.de/jword/index.html | Product |
https://excellium-services.com/cert-xlm-advisory/CVE-2023-28152 | Third Party Advisory |
https://www.independentsoft.de/jword/index.html | Product |
Configurations
History
30 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-03-24 16:15
Updated : 2025-05-30 16:15
NVD link : CVE-2023-28152
Mitre link : CVE-2023-28152
CVE.ORG link : CVE-2023-28152
JSON object : View
Products Affected
independentsoft
- jword
CWE
CWE-611
Improper Restriction of XML External Entity Reference