Main Vulnerability Database Vulnerabilities #VU35924

Cross-site scripting in Metinfo - CVE-2017-12788

Published: May 9, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35924

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12788

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Metinfo

Affected software:
Metinfo

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

How to mitigate CVE-2017-12788

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md

Cross-site scripting in Metinfo - CVE-2017-12788

Detailed vulnerability description

How to mitigate CVE-2017-12788

Sources

Please verify you're human