Medium severity5.0OSV Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2024-58335

Description

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.

Affected products

Jcthiele/OpenxrechnungtoolboxOSV
Range: 2020-08-27, 2020-08-28, 2020-11-02, …

Patches

6c50e8979924

https://github.com/jcthiele/openxrechnungtoolboxvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/jcthiele/OpenXRechnungToolbox/commit/6c50e8979924b09f336c976cbad3a9ebfe25ebf9nvd
invoice.secvuln.infonvd

News mentions

No linked articles in our index yet.

cvss	0.325
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000