CNNVD-202510-465 Information
Oct 03, 2025
cve
CNNVD ID
CNNVD-202510-465
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
MetInfo CMS是中国米拓(MetInfo)公司的一个内容管理系统。 MetInfo CMS 8.0版本存在安全漏洞,该漏洞源于列管理模块中上传恶意SVG文件时未充分验证,可能导致存储型跨站脚本攻击。
Description (English)
MetInfo CMS is a content management system for MetInfo in China. There is a security loophole in version 8.0 of MetInfo CMS, which stems from the fact that malicious SVG files were not sufficiently verified for uploading in the column management module and could result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
米拓
Published
2025-10-03
Last Modified
2026-02-24
References
https://snowhy77.github.io/2025/08/22/Stored-XSS-in-MetInfo-Column-Module/
Patch
https://www.metinfo.cn/download/92.html
Share on: