Metinfo · Metinfo · CVE-2017-6878
**Name of the Vulnerable Software and Affected Versions**
MetInfo version 5.3.15
**Description**
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the `name 2` parameter to "admin/column/delete.php" API endpoint.
**Recommendations**
For MetInfo version 5.3.15, avoid using the `name 2` parameter in the "admin/column/delete.php" API endpoint until the issue is resolved.