SPS servers vulnerable to an XXE injection attack