Vulnerabilities > Metinfo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-15 | CVE-2018-18296 | Cross-site Scripting vulnerability in Metinfo 6.1.2 MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | 6.1 |
| 2018-09-17 | CVE-2018-17129 | SQL Injection vulnerability in Metinfo 6.1.0 MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | 4.9 |
| 2018-07-20 | CVE-2018-14419 | Cross-site Scripting vulnerability in Metinfo 6.0.0 MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | 4.8 |
| 2018-06-18 | CVE-2018-12530 | Path Traversal vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 6.5 |
| 2018-04-10 | CVE-2018-9985 | Cross-site Scripting vulnerability in Metinfo 6.0.0 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | 6.1 |
| 2018-04-10 | CVE-2018-9928 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | 6.1 |
| 2018-03-07 | CVE-2018-7721 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | 6.1 |
| 2017-09-17 | CVE-2017-14513 | Path Traversal vulnerability in Metinfo 5.3.17 Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 5.3 |
| 2017-07-19 | CVE-2017-9764 | Cross-site Scripting vulnerability in Metinfo 5.3.17 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 6.1 |
| 2017-03-27 | CVE-2017-6878 | Cross-site Scripting vulnerability in Metinfo 5.3.15 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | 5.4 |