30 matches found
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
GHSA-7JC7-G598-2P64 XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...
GHSA-R8W2-W357-9PJV XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +50 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (>=0.9.2 <=2.0.3)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document MAVEN version =0.9.2, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: OSV:GHSA-7JC7-G598-2P64...
XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +32 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx (>=0.9.5 <=2.2.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: SNYK:JAVA-FROPENSAGRESXDOCREPORT-1504671...
CVE-2025-64087
The CVE-2025-64087 SSTI issue affects the FreeMarker component in opensagres XDocReport v1.0.0–v2.1.0, enabling arbitrary code execution via crafted template expressions. The vulnerability has CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Affected versions inc...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
PT-2026-3629
Name of the Vulnerable Software and Affected Versions opensagres XDocReport versions 0.9.2 through 2.0.3 Description An XML External Entity XXE issue exists in opensagres XDocReport. Successful exploitation allows attackers to execute arbitrary code by uploading a specially crafted .docx file. Th...