Vulnerabilities > Metinfo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2020-20600 | Cross-site Scripting vulnerability in Metinfo 7.0.0 MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. | 5.4 |
| 2021-06-21 | CVE-2020-21517 | Cross-site Scripting vulnerability in Metinfo 7.0.0 Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | 6.1 |
| 2019-05-09 | CVE-2017-12790 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18 Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). | 6.5 |
| 2019-05-09 | CVE-2017-12788 | Cross-site Scripting vulnerability in Metinfo 5.3.18 Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. | 6.1 |
| 2018-12-26 | CVE-2018-20486 | Cross-site Scripting vulnerability in Metinfo MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | 6.1 |
| 2018-12-03 | CVE-2018-19836 | Incorrect Permission Assignment for Critical Resource vulnerability in Metinfo 6.1.3 In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. | 6.1 |
| 2018-12-03 | CVE-2018-19835 | Cross-site Scripting vulnerability in Metinfo 6.1.3 Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | 6.1 |
| 2018-11-07 | CVE-2018-19051 | Cross-site Scripting vulnerability in Metinfo 6.1.3 MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | 6.1 |
| 2018-11-07 | CVE-2018-19050 | Cross-site Scripting vulnerability in Metinfo 6.1.3 MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | 6.1 |
| 2018-10-16 | CVE-2018-18374 | Cross-site Scripting vulnerability in Metinfo 6.1.2 XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | 5.4 |