Vulnerability Database

322,732

Total vulnerabilities in the database

CVE-2020-37192

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

Published: Feb 11, 2026
Updated: Feb 12, 2026
CVE: CVE-2020-37192
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

No affected software listed.

https://www.exploit-db.com/exploits/47896
https://www.top-password.com/
https://www.vulncheck.com/advisories/msn-password-recovery-xml-external-entity-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo