VYPR

CWE-827

Improper Control of Document Type Definition

Variant · Incomplete

Description

The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the product to expose files, consume excessive system resources, or execute arbitrary HTTP requests on behalf of the attacker.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1)

  • CVE-2024-9044 · Med · Nov 29, 2024
    risk 0.30 · cvss · epss 0.00

    An XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.