I have a doubt about some XXE. I have some cases where the vulnerability could exist but for example, the xml is not used more ahead in the code.
XmlDocument objDocument = new XmlDocument();
so in the project there is .net 4.5 and some referentes in 3.5. Also it is load the same stuff in visual basic code.
so if the vulnerability exists but the code is not used more ahead is not vulnerable, is it?