I'm trying to get my PCI compliance for my server and I fail the test because the scan indicates that the ISPConfig3.1 /login/password_reset.php is vulnerable to Generic XML Injection and CGI Generic Path Traversal (write test). I was wondering if this is a false positive or if it is actually a legit vulnerability. Devs if you need more info on the scan results I can PM the info to you. Thanks.
