CVE-2020-37192

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.2 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 12, 2026

CWE ID

CWE-611

Source

NVD

Vendor

Top Password Software

Product

MSN Password Recovery

External References

https://www.exploit-db.com/exploits/47896
https://www.top-password.com/
https://www.vulncheck.com/advisories/msn-password-recovery-xml-external-entity-injection

CVE-2020-37192

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment