CVE-2017-18197
CVE-2017-18197 affects mxGraph (before 3.7.6). In mxGraphViewImageReader.java, the SAXParserFactory used in convert() lacks XXE-defensive flags, enabling XML External Entity attacks (as demonstrated by /ServerView). Public disclosures and advisories (GHSA-wvpv-8524-wg6x; Fed/Debian/Nessus entries...