WebAccess/NMS (versions before 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an malicious user to read sensitive files.
advantech webaccess\\/nms