PT-2021-10638 · Metinfo · Metinfo
Published: 2021-06-21 · Updated: 2021-06-22
CVE-2020-21517
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
MetInfo version 7.0.0
Description:
A Cross Site Scripting (XSS) issue exists via the gourl parameter in the "login.php" endpoint.
Recommendations:
For MetInfo version 7.0.0, update the software to a version that fixes this issue or, as a temporary workaround, consider restricting access to the login.php endpoint to minimize the risk of exploitation. Avoid using the gourl parameter in the affected endpoint until the issue is resolved.
Affected Products
Metinfo