CNNVD-202601-3203 Information
CNNVD ID
CNNVD-202601-3203
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
XDocReport是opensagres开源的一个XML文档报告软件。 XDocReport 0.9.2版本至2.0.3版本存在安全漏洞,该漏洞源于存在XML外部实体漏洞,可能导致通过上传特制的.docx文件执行任意代码。
Description (English)
XDocReport is an XML document reporting software from the open source of open-source open-source open-source open-sources. There is a security gap between XDocReport versions 0.9.2 and 2.0.3, which stems from an external XML entity loophole that could lead to the implementation of any code by uploading a special .docx file.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
opensagres
Published
2026-01-20
Last Modified
2026-02-24
References
https://drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q?usp=sharing https://github.com/AT190510-Cuong/CVE-2025-65482-XXE- https://github.com/opensagres/xdocreport https://hackmd.io/@cuongnh/r1B7B8fJ-g https://hackmd.io/@cuongnh/rkJPCgSy-l https://access.redhat.com/security/cve/cve-2025-65482
Patch
https://github.com/opensagres/xdocreport/tags
Share on: