An issue in openCRX v.5.2.2 allows a remote malicious user to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
opencrx opencrx 5.2.2