693 matches found
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the Image Management module and could lead to a stored cross-site scripting attack...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60450
MetInfo CMS 8.0 is affected by a stored XSS in file upload handling. The vulnerability arises from insufficient validation and sanitization of SVG uploads in app\system\include\module\editor\Uploader.class.php, allowing an attacker to upload SVG files containing JavaScript that executes when view...
PT-2025-40520
Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists because of inadequate validation and sanitization of SVG file uploads. The issue is located in the appsystemincludemoduleuploadify.class.php component within the...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
PT-2025-40519
Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...
CVE-2025-60451
MetInfo CMS 8.0 contains a stored XSS due to insufficient validation/sanitization of SVG uploads in the website settings module, specifically in app/system/include/module/uploadify.class.php. The issue allows uploaded SVGs with JavaScript to execute when viewed. CVSS 3.1 base score 6.1 (Network a...
CVE-2025-60452
MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...
VulnCheck KEV: CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter...
CVE-2022-44849
A Cross-Site Request Forgery CSRF in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account...
CVE-2022-22295
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameteradmin.class.php via the tablepara parameter...
CVE-2020-21517
Cross Site Scripting XSS vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php...
CVE-2020-20585
A blind SQL injection in /admin/?n=logs=index=dode of Metinfo 7.0 beta allows attackers to access sensitive database information...