XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.