Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.