Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.
CVE-2025-66371: Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the X…
Peppol-py before 1.1.1 is vulnerable to XXE attacks due to misconfigured Saxon settings, allowing remote file content exposure during XML invoice validation.