[FD] [CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting

Hello: The following is my application vulnerabilities. －－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－ －－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－ [CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting Application: MetInfo Versions Affected: 5.3.15 Vendor URL: http://www.metinfo.cn/ Software Link:http://ift.tt/2ny1gyz Bugs: Stored XSS Author:Arice.chen(DBAPPSecurity Ltd) Description: MetInfo was established in March 2009, is a enterprise CMS, more than 40 m enterprises in the use of MeInfo build their own enterprise website. Vulnerability details： To modify, add a message in problem position insert JavaScript test code Then the background access to relevant pages, or other users access to the front desk page will make the attack code is executed.

Source: Gmail -> IFTTT-> Blogger