CVE-2022-4350

Опубликовано: 08 дек. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.

Ссылки

https://gitee.com/mingSoft/MCMS/issues/I5MT8Y
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.215112
Third Party Advisory
https://gitee.com/mingSoft/MCMS/issues/I5MT8Y
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.215112
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mingsoft:mcms:5.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-707

Связанные уязвимости

GHSA-p46c-m4j7-mjvq

github

около 3 лет назад

Mingsoft MCMS vulnerable to Cross-site Scripting

EPSS

Процентиль: 39%

0.00177

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-707