Jopendocument
Monthly
XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.
XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.