Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MSN Password Recovery 1.30 - XML External Entity Injection
Vulnerability Description
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Top Password MSN Password Recovery 代码问题漏洞
Vulnerability Description
Top Password MSN Password Recovery是Top Password公司的一个MSN密码恢复工具。 Top Password MSN Password Recovery 1.30版本存在代码问题漏洞,该漏洞源于XML外部实体注入,可能导致读取本地系统文件。
CVSS Information
N/A
Vulnerability Type
N/A