NotCVE - vendor:"Metinfo" product:"Metinfo" version:"5.3.18"

3 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-12789

https://notcve.org/view.php?id=CVE-2017-12789

10 May 2019 — Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state. Metinfo versión 5.3.18 que está afectado por: una vulnerabilidad de tipo Cross Site Request Forgery (CSRF). • https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-12790

https://notcve.org/view.php?id=CVE-2017-12790

09 May 2019 — Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state. Metinfo 5.3.18 se ve afectado por: Cross-Site Request Forgery (CSRF). • https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-12788

https://notcve.org/view.php?id=CVE-2017-12788

09 May 2019 — Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. Múltiples vulnerabilidades de cross-site scripting (XSS) en admin/index.php en Metinfo 5.3.18 permite a los atacantes remotos inyectar secuencias de comandos web arbitrarias o HTML a través del parámetro (1) class1 o (2) anyid. • https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •