First published: Mon Oct 15 2018(Updated: )
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =6.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this MetInfo version 6.1.2 vulnerability is CVE-2018-18296.
The vulnerability in MetInfo 6.1.2 is an XSS (Cross-Site Scripting) vulnerability that arises from the /admin/index.php bigclass parameter in an n=column&a=doadd action.
The severity of CVE-2018-18296 is medium.
The XSS vulnerability in MetInfo 6.1.2 can be exploited by manipulating the bigclass parameter in the /admin/index.php with the n=column&a=doadd action.
Yes, it is recommended to update to the latest version of MetInfo to fix the vulnerability in MetInfo 6.1.2.