XML Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2)

XML Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2)

CVE-2020-10629 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.

Learn more about our Web Application Penetration Testing UK.