XXE in Diving Log 6.0 allows malicious users to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
divinglog diving log