17 matches found
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...
CVE-2025-64087
The CVE-2025-64087 SSTI issue affects the FreeMarker component in opensagres XDocReport v1.0.0–v2.1.0, enabling arbitrary code execution via crafted template expressions. The vulnerability has CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Affected versions inc...
CVE-2025-64087
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
PT-2026-3629
Name of the Vulnerable Software and Affected Versions opensagres XDocReport versions 0.9.2 through 2.0.3 Description An XML External Entity XXE issue exists in opensagres XDocReport. Successful exploitation allows attackers to execute arbitrary code by uploading a specially crafted .docx file. Th...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
PT-2026-3620
Name of the Vulnerable Software and Affected Versions opensagres XDocReport versions 1.0.0 through 2.1.0 Description A Server-Side Template Injection SSTI flaw exists in the FreeMarker component. This allows attackers to execute arbitrary code by injecting crafted template expressions. The affect...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
XDocReport security vulnerabilities
XDocReport is an open-source XML document reporting software developed by opensagres. Versions 0.9.2 to 2.0.3 of XDocReport have security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which may allow arbitrary code to be executed by uploading a specially...
XML External Entity (XXE) Injection
Opensagres XDocReport Document is vulnerable to XML external entity injection. The vulnerability exists in preprocess function in SAXXDocPreprocessor because the XML parser is not properly configured which allows an attacker to inject malicious XML input via weakly configured parser...