CVE-2018-20486: XSS
First published: Wed Dec 26 2018(Updated: )
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metinfo Metinfo | >=6.0.0<=6.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this MetInfo security issue?
The vulnerability ID for this MetInfo security issue is CVE-2018-20486.
What is the severity rating of CVE-2018-20486?
The severity rating of CVE-2018-20486 is medium (6.1).
How does CVE-2018-20486 manifest?
CVE-2018-20486 manifests as a cross-site scripting (XSS) vulnerability via the /admin/login/login_check.php url_array[] parameter.
Which versions of MetInfo are affected by CVE-2018-20486?
MetInfo versions 6.x through 6.1.3 are affected by CVE-2018-20486.
How can I fix CVE-2018-20486?
To fix CVE-2018-20486, it is recommended to update MetInfo to a version beyond 6.1.3.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/metinfo
- canonical/metinfo metinfo
- version/metinfo metinfo/6.0.0
- version/metinfo metinfo/6.1.3