EPSS Percentile: 80.0%
mxgraph is vulnerable to XML external entity (XXE) injection attacks. These attacks are possible because the SAXParserFactory it uses does not disallow document type declarations (DTDs) in the XML it parses.
github.com/jgraph/mxgraph/blob/master/java/examples/com/mxgraph/examples/web/ExportServlet.java#L50
github.com/jgraph/mxgraph/issues/124