XML External Entity vulnerability in map parser
From Freeplane - free mind mapping and knowledge management software
Reported on 2017/02/19
Fix released on 2017/04/15
Reported by Wojciech Reguła, https://www.linkedin.com/in/wojciech-regu%C5%82a-1a2689119/
Description of Vulnerability
Vulnerability in FreePlane that allows you to download any file from victim's computer when the victim opens the malicious mindmap. The vulnerability pattern is described at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.