Vulnerability Details CVE-2018-19836
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2018-19836
-
cpe:2.3:a:metinfo:metinfo:6.1.3