CVE-2020-37192

Name of the Vulnerable Software and Affected Versions MSN Password Recovery version 1.30

Description An XML external entity injection allows attackers to read local system files through crafted XML input. By injecting a malicious XML file that references external entities via the 'Favorites' tab, sensitive system configuration information can be retrieved.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.