Security Advisory

CVE-2020-37192

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-11 20:37:13

Last updated 2026-03-05 01:28:21

Assigner VulnCheck

State PUBLISHED

Description

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the Favorites tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

← Browse all CVEs View on cve.org ↗