2 matches found
CVE-2017-6878
MetInfo 5.3.15 contains a stored XSS in the admin/column/delete.php endpoint via the name_2 parameter, exploitable by remote authenticated users to inject scripts. PoCs and discussion appear in Seebug and PacketStorm references; no patch or remediation details are provided in the supplied documen...
MetInfo5.3.15 存储型 XSS 漏洞(CVE-2017-6878)
Vulnerability details: To modify, add a message in problem position insert JavaScript test code Then the background access to relevant pages, or other users access to the front desk page will make the attack code is executed. E-mail:callarice 163 com DBAppSecurity Ltd www.dbappsecurity.com.cn POC...