CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9928
https://notcve.org/view.php?id=CVE-2018-9928
10 Apr 2018 — Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en save.php en MetInfo 6.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante los parámetros webname o weburl. • https://github.com/Sm1L3ing/xss-in-metinfo/blob/master/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7721
https://notcve.org/view.php?id=CVE-2018-7721
07 Mar 2018 — Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. Existe Cross-Site Scripting (XSS) en MetInfo 6.0.0 mediante /feedback/index.php debido a que app/system/feedback/web/feedback.class.php gestiona de manera incorrecta los datos de entrada. • https://github.com/Gitaddy/vluns/blob/master/Metinfo.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7271
https://notcve.org/view.php?id=CVE-2018-7271
21 Feb 2018 — An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. Se ha descubierto un problema en MetInfo 6.0.0. En install/install.php en el proceso de instalación, el filtrado de archivos de configuración config/config_db.php no es riguroso: alguien podría insertar código malicioso en el proceso de... • https://github.com/SQYY/CVE/blob/master/MetInfo_G.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •