DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.6%