CVE-2023-3990

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
References
Link Resource
https://gitee.com/mingSoft/MCMS/issues/I7K4DQ Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.235611 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.235611 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*

History

03 Aug 2023, 13:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*
References (MISC) https://gitee.com/mingSoft/MCMS/issues/I7K4DQ - (MISC) https://gitee.com/mingSoft/MCMS/issues/I7K4DQ - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.235611 - (MISC) https://vuldb.com/?ctiid.235611 - Permissions Required, Third Party Advisory, VDB Entry
References (MISC) https://vuldb.com/?id.235611 - (MISC) https://vuldb.com/?id.235611 - Third Party Advisory, VDB Entry

28 Jul 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-28 07:15

Updated : 2024-05-17 02:28


NVD link : CVE-2023-3990

Mitre link : CVE-2023-3990

CVE.ORG link : CVE-2023-3990


JSON object : View

Products Affected

mingsoft

  • mcms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')