Lucene search
+L

693 matches found

CNNVD
CNNVD
added 2025/10/03 12:0 a.m.5 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the Image Management module and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60454

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...

5.7AI score0.00244EPSS
Exploits1References1
CVE
CVE
added 2025/10/03 12:0 a.m.13 views

CVE-2025-60450

MetInfo CMS 8.0 is affected by a stored XSS in file upload handling. The vulnerability arises from insufficient validation and sanitization of SVG uploads in app\system\include\module\editor\Uploader.class.php, allowing an attacker to upload SVG files containing JavaScript that executes when view...

6.1CVSS5.7AI score0.00213EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.12 views

PT-2025-40520

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists because of inadequate validation and sanitization of SVG file uploads. The issue is located in the appsystemincludemoduleuploadify.class.php component within the...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.11 views

CVE-2025-60454

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...

0.00244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.4 views

CVE-2025-60451

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...

5.7AI score0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.5 views

CVE-2025-60450

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

5.7AI score0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60453

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...

5.7AI score0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.12 views

CVE-2025-60450

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

0.00213EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.7 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.6 views

CVE-2025-60452

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...

5.8AI score0.00213EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.7 views

PT-2025-40519

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.6 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
CVE
CVE
added 2025/10/03 12:0 a.m.19 views

CVE-2025-60451

MetInfo CMS 8.0 contains a stored XSS due to insufficient validation/sanitization of SVG uploads in the website settings module, specifically in app/system/include/module/uploadify.class.php. The issue allows uploaded SVGs with JavaScript to execute when viewed. CVSS 3.1 base score 6.1 (Network a...

6.1CVSS5.7AI score0.00213EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/10/03 12:0 a.m.13 views

CVE-2025-60452

MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-16996

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter...

7.2CVSS5.9AI score0.12443EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.9 views

CVE-2022-44849

A Cross-Site Request Forgery CSRF in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account...

8.8CVSS7AI score0.00375EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 p.m.8 views

CVE-2022-22295

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameteradmin.class.php via the tablepara parameter...

9.8CVSS8.2AI score0.01575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:47 p.m.9 views

CVE-2020-21517

Cross Site Scripting XSS vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php...

6.1CVSS6AI score0.00945EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:8 p.m.7 views

CVE-2020-20585

A blind SQL injection in /admin/?n=logs=index=dode of Metinfo 7.0 beta allows attackers to access sensitive database information...

7.5CVSS7.8AI score0.01641EPSS
Exploits1
Rows per page
Query Builder