First published: Wed Nov 07 2018(Updated: )
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | =6.1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-19050.
CVE-2018-19050 has a severity rating of medium (6.1).
The affected software version for CVE-2018-19050 is MetInfo 6.1.3.
An attacker can exploit CVE-2018-19050 by using a crafted URL to inject malicious scripts into the application, potentially compromising user data and executing unauthorized actions.
To fix CVE-2018-19050, it is recommended to update to a patched version of MetInfo (6.1.4 or later) or apply appropriate security measures to mitigate the risk of exploitation.