What is the CVSS score of CVE-2020-37192?

CVE-2020-37192 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2020-37192?

Yes, a public proof-of-concept exploit is available for CVE-2020-37192. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37192?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

CVE-2020-37192

MEDIUM

Improper Restriction of XML External Entity Reference (CWE-611)

2026-02-11 disclosure@vulncheck.com

XXE

6.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.2 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 12, 2026 - 15:10 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 21:16 nvd

MEDIUM 6.2

DescriptionCVE.org

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

AnalysisAI

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. [CVSS 6.2 MEDIUM]

Technical ContextAI

This vulnerability (CWE-611: Improper Restriction of XML External Entity Reference) MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

Affected ProductsAI

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that

RemediationAI

Monitor vendor advisories for a patch.

CVE-2020-37192 vulnerability details – vuln.today

Back

CVE-2020-37192

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code