SPS affwebservices/router/session resources vulnerable to an XXE injection attack