New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stored XSS Vulnerability exists in the all versions of Metinfo 6. #2

Open
Ppsoft1990 opened this Issue Dec 26, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@Ppsoft1990
Copy link
Owner

Ppsoft1990 commented Dec 26, 2018

Stored XSS Vulnerability exists in the all versions of Metinfo 6(6.0.0,6.1.0,6.1.1,6.1.2,6.1.3),which can be executed javascript code.
Metinfo 6.* allows XSS via the /admin/login/login_check.php url_array parameter.

Metinfo official website:
https://www.metinfo.cn/

Metinfo 6.* source code download page
Metinfo 6.* source code history page

View the doc:
Metinfo 6.*全版本存储型XSS.docx

Mail to: sysorem.li#dbappsecurity.com.cn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment