CNNVD-202512-4735 Information
CNNVD ID
CNNVD-202512-4735
Related CVE
- CNNVD Published: 2025-12-24
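Description (translated from Chinese)
OpenXRechnungToolbox is a graphical user interface for visualizing and validating electronic invoices, developed by the individual developer Dr. Jan C. Thiele. OpenXRechnungToolbox versions from 2024-10-05-3.0.0 up to, but not including, 6c50e89 contain a code issue vulnerability. It stems from the disallow-doctype-decl feature not being enabled, which may lead to XML external entity (XXE) reference attacks.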
Description (English)
OpenXRechnungToolbox is a graphical user interface for visualizing and validating electronic invoices, written by individual developer Dr. Jan C. Thiele. Versions from 2024-10-05-3.0.0 up to, but not including, commit 6c50e89 have a code issue vulnerability: the disallow-doctype-decl feature is not enabled, which could allow XML external entity (XXE) attacks.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
Individual developer
Published
2025-12-24
Last Modified
2026-02-24
References
https://github.com/jcthiele/OpenXRechnungToolbox/commit/6c50e8979924b09f336c976cbad3a9ebfe25ebf9
https://invoice.secvuln.info
https://access.redhat.com/security/cve/cve-2024-58335
Patch
https://github.com/jcthiele/OpenXRechnungToolbox/releases