CWE-827
Improper Control of Document Type Definition
VariantIncomplete
Description
The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the product to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.
Hierarchy (View 1000)
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-9044 | Med | 0.30 | — | 0.00 | Nov 29, 2024 | A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. |