XML External Entity (XXE)

jOOX is vulnerable to XML external entity attacks. It is possible because XMLasDOMBinding does not prevent the resolution of external entity references, allowing the attackers to submit malicious XML to the XML parser and gain access to information about an internal network, local file system, or...