Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stored XSS Vulnerability exists in the all versions of Metinfo 6. #2

Open
Ppsoft1990 opened this issue Dec 26, 2018 · 0 comments
Open

Comments

@Ppsoft1990
Copy link
Owner

Ppsoft1990 commented Dec 26, 2018

Stored XSS Vulnerability exists in the all versions of Metinfo 6(6.0.0,6.1.0,6.1.1,6.1.2,6.1.3),which can be executed javascript code.
Metinfo 6.* allows XSS via the /admin/login/login_check.php url_array parameter.

Metinfo official website:
https://www.metinfo.cn/

Metinfo 6.* source code download page
Metinfo 6.* source code history page

View the doc:
Metinfo 6.*全版本存储型XSS.docx

Mail to: sysorem.li#dbappsecurity.com.cn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant