漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MSN Password Recovery 1.30 - XML External Entity Injection
Vulnerability Description
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Top Password MSN Password Recovery 代码问题漏洞
Vulnerability Description
Top Password MSN Password Recovery是Top Password公司的一个MSN密码恢复工具。 Top Password MSN Password Recovery 1.30版本存在代码问题漏洞,该漏洞源于XML外部实体注入,可能导致读取本地系统文件。
CVSS Information
N/A
Vulnerability Type
N/A