PT-2018-14396 · Metinfo · Metinfo

Publicado

2018-10-15

Atualizado

2018-11-28

CVE-2018-18296

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MetInfo version 6.1.2

Description The issue allows for XSS via the /admin/index.php endpoint with the bigclass parameter in an n=column&a=doadd action. This affects the bigclass parameter, which is used in the specified action.

Recommendations For MetInfo version 6.1.2, as a temporary workaround, consider restricting access to the /admin/index.php endpoint with the n=column&a=doadd action to minimize the risk of exploitation. Avoid using the bigclass parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-18296

Produtos afetados

Metinfo

PT-2018-14396 · Metinfo · Metinfo

CVE-2018-18296

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3