CVE-2018-18296by Jeremyin Security Bulletinson Posted on October 15, 2018 MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.