I have a doubt about some XXE. What a should report ? I have some cases where the vulnerability exists but they don’t use this xml more ahead in the code.
XmlDocument objDocument = new XmlDocument();
so in the project they .net 4.5 and some referentes in 3.5. Also the load the same stuff visual basic code.
so if the vulnerability exists but they don’t use this code more ahead is not vulnerable or yes ?