An issue exists in Independentsoft JWord prior to 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
independentsoft jword