FreePlane <= 1.5.9 XXE

What is FreePlane? FreePlane is an open-source application for creating mind maps.

Vulnerability description: FreePlane is a Java-based application that loads mind maps stored as simple XML files. The XML parser it used was allowed to expand external entities, which is the root cause of this vulnerability.

Results: When a victim opens a maliciously crafted mind map, any file readable by the Java process can be sent to the attacker.

Proof of concept: Malicious mindmap: <map version="freeplane 1.
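The fix for this class of bug is on the parser side: a DOM parser that refuses DOCTYPE declarations cannot be made to declare or resolve an external entity. The following is an added illustration written for this post, not FreePlane's own loader; the sample map and the `SafeMindMapLoader` / `hardenedBuilder` / `loadMap` names are constructed for the example, and the `file:///PLACEHOLDER` URI stands in for whatever path a crafted map would name.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

public class SafeMindMapLoader {

    // Constructed sample (not a real Freeplane file): a minimal map carrying a
    // DOCTYPE that declares an external entity. The SYSTEM URI is a placeholder;
    // what matters is that a hardened parser must refuse to process it at all.
    static final String SAMPLE_MAP =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE map [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER\"> ]>\n" +
        "<map version=\"freeplane 1.5.9\">\n" +
        "  <node>&ext;</node>\n" +
        "</map>\n";

    // A map with no DTD at all, the normal case, which must still load.
    static final String PLAIN_MAP =
        "<map version=\"freeplane 1.5.9\"><node TEXT=\"hello\"/></map>";

    /** Parser configured to reject DOCTYPE declarations and never resolve external entities. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Primary defence: with no DTD permitted, no entity can be declared, internal or external.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, relevant if a DOCTYPE ever has to be tolerated:
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Returns true if the document parsed, false if the hardened parser rejected it. */
    static boolean loadMap(String xml) {
        try {
            Document doc = hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement() != null;
        } catch (SAXException e) {
            // For SAMPLE_MAP the JDK's built-in Xerces parser stops at the DOCTYPE
            // and reports that it is disallowed; the entity is never touched.
            System.err.println("Rejected mind map: " + e.getMessage());
            return false;
        } catch (ParserConfigurationException | IOException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        System.out.println("Hardened parser accepted sample with DOCTYPE: " + loadMap(SAMPLE_MAP));
        System.out.println("Hardened parser accepted plain map: " + loadMap(PLAIN_MAP));
    }
}
```

The first feature is the one that matters: rejecting the DOCTYPE up front means the parser never reaches the entity declaration, so there is nothing left to resolve. The remaining settings only come into play for applications that must accept a DTD for legitimate reasons, which a mind-map format like this one does not need.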