dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.
XXE
Dom4J
Agile Plm
Application Testing Suite
Banking Platform
+34
NVD
GitHub
CVSS 3.1
9.8
EPSS
7.3%