diff --git a/VectoCore/VectoCore/InputData/FileIO/JSON/JSONInputData.cs b/VectoCore/VectoCore/InputData/FileIO/JSON/JSONInputData.cs
index 4c23345405693ada1879da380d16be7ed5da9a5c..20fe7fe7de42e3834676ecbe90cfa1dc7abbd644 100644
--- a/VectoCore/VectoCore/InputData/FileIO/JSON/JSONInputData.cs
+++ b/VectoCore/VectoCore/InputData/FileIO/JSON/JSONInputData.cs
@@ -774,10 +774,9 @@ namespace TUGraz.VectoCore.InputData.FileIO.JSON
 
 		public void ValidateSimulationToolVersion()
 		{
-			var xmlDoc = new XmlDocument();
-			xmlDoc.Load(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
-			
-			string simToolVersionStr = XMLManufacturerReportReader.ReadElementValue(xmlDoc, "SimulationToolVersion");
+			var xmlDoc = XMLHelper.SecureLoadXML(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
+
+            string simToolVersionStr = XMLManufacturerReportReader.ReadElementValue(xmlDoc, "SimulationToolVersion");
 			string vectoVersionStr = VectoSimulationCore.VersionNumber;
 
 			bool xmlVersionNewer = VersioningUtil.CompareVersions(simToolVersionStr, vectoVersionStr) > 0;
@@ -789,10 +788,9 @@ namespace TUGraz.VectoCore.InputData.FileIO.JSON
 
 		public void ValidateHash()
 		{
-			var xmlDoc = new XmlDocument();
-			xmlDoc.Load(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
-			
-			var signatureNode = xmlDoc.SelectSingleNode("//*[local-name()='Signature']");
+			var xmlDoc = XMLHelper.SecureLoadXML(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
+
+            var signatureNode = xmlDoc.SelectSingleNode("//*[local-name()='Signature']");
 			var signatureDigest = new DigestData(signatureNode);
 
 			var hash = XMLHashProvider.ComputeHash(xmlDoc, signatureDigest.Reference.Remove(0, 1), signatureDigest.CanonicalizationMethods,
@@ -807,8 +805,8 @@ namespace TUGraz.VectoCore.InputData.FileIO.JSON
 
 		private void ReadManufacturerReport()
 		{
-			var xmlDoc = new XmlDocument();
-			xmlDoc.Load(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
+			var xmlDoc = XMLHelper.SecureLoadXML(Path.Combine(Path.GetFullPath(BasePath), Body["ManufacturerRecord"].Value<string>()));
+
 			var components = XMLManufacturerReportReader.GetContainingComponents(xmlDoc).GroupBy(s => s)
 														.Select(g => new { Entry = g.Key, Count = g.Count() });
 			_componentDigests = new Dictionary<VectoComponents, IList<string>>();
diff --git a/VectoCore/VectoCore/Utils/XMLHelper.cs b/VectoCore/VectoCore/Utils/XMLHelper.cs
index 8bc2b75e7956abf19434491412ae1b42ec8d5e72..e7269fb600ae1548d0abade8c7bb7b4d2f38dede 100644
--- a/VectoCore/VectoCore/Utils/XMLHelper.cs
+++ b/VectoCore/VectoCore/Utils/XMLHelper.cs
@@ -33,6 +33,7 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Text;
 using System.Xml;
 using System.Xml.Linq;
 using System.Xml.Schema;
@@ -436,7 +437,20 @@ namespace TUGraz.VectoCore.Utils
 			return type;
         }
 		
+		public static XmlDocument SecureLoadXML(string filePath)
+		{
+            var document = new XmlDocument();
+            MemoryStream stream = new MemoryStream(File.ReadAllBytes(filePath));
+			
+			XmlReaderSettings settings = new XmlReaderSettings() { DtdProcessing = DtdProcessing.Ignore, XmlResolver = null };
+            
+			document.Load(XmlReader.Create(stream, settings));
 
+			stream.Close();
+			stream.Dispose();
+
+			return document;
+		}
 
 	}
 }
\ No newline at end of file