3 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...
CVE-2017-6878
Cross-site scripting XSS vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...
CVE-2017-6878
MetInfo 5.3.15 contains a stored XSS in the admin/column/delete.php endpoint via the name_2 parameter, exploitable by remote authenticated users to inject scripts. PoCs and discussion appear in Seebug and PacketStorm references; no patch or remediation details are provided in the supplied documen...