First published: Wed Dec 26 2018(Updated: )
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Metinfo Metinfo | >=6.0.0<=6.1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this MetInfo security issue is CVE-2018-20486.
The severity rating of CVE-2018-20486 is medium (6.1).
CVE-2018-20486 manifests as a cross-site scripting (XSS) vulnerability via the /admin/login/login_check.php url_array[] parameter.
MetInfo versions 6.x through 6.1.3 are affected by CVE-2018-20486.
To fix CVE-2018-20486, it is recommended to update MetInfo to a version beyond 6.1.3.