CVE-2018-19858
PrinceXML versions 10 and below are vulnerable to XXE due to missing protection against external entities. If an attacker supplies HTML referencing an XML file (for example via an IFRAME), PrinceXML will fetch and parse the XML, enabling file-read access and SSRF. No remediation details are provi...