CNNVD-202510-468 Information
Oct 03, 2025
cve
CNNVD ID
CNNVD-202510-468
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
MetInfo CMS是中国米拓(MetInfo)公司的一个内容管理系统。 MetInfo CMS 8.0版本存在安全漏洞,该漏洞源于SVG文件上传验证和清理不足,可能导致存储型跨站脚本攻击。
Description (English)
MetInfo CMS is a content management system for MetInfo in China. There is a security loophole in version 8.0 of MetInfo CMS, which stems from inadequate uploading and clean-up of SVG files, which may lead to storage-type cross-site script attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
米拓
Published
2025-10-03
Last Modified
2026-02-24
References
https://snowhy77.github.io/2025/08/22/Stored-XSS-Vulnerability-in-MetInfo-Webset-Module/
Patch
https://www.metinfo.cn/download/92.html
Share on: