CVE-2018-20160

Name of the Vulnerable Software and Affected Versions: ZxChat (aka ZeXtras Chat) versions 8.7 through 8.8

Description: The issue allows XXE (XML External Entity) attacks. This can be demonstrated by sending a crafted XML request to the mailboxd endpoint.

Recommendations: For versions 8.7 through 8.8, consider restricting access to the mailboxd endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using potentially vulnerable XML requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.