An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.Referenceshttps://www.independentsoft.de/jword/index.htmlhttps://excellium-services.com/cert-xlm-advisory/CVE-2023-28151