Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.
http://www.securityfocus.com/bid/93010
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-anyoffice-en