CVE-2017-12788

Name of the Vulnerable Software and Affected Versions Metinfo version 5.3.18

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the class1 parameter or the anyid parameter in the admin/index.php file.

Recommendations For Metinfo version 5.3.18, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the admin/index.php file to minimize the risk of exploitation. Avoid using the class1 and anyid parameters in the affected file until the issue is resolved.