CVE-2023-3990

Опубликовано: 28 июл. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Средний

Описание

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

Ссылки

https://gitee.com/mingSoft/MCMS/issues/I7K4DQ
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.235611
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.235611
Third Party Advisory
VDB Entry
https://gitee.com/mingSoft/MCMS/issues/I7K4DQ
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.235611
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.235611
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*

Версия до 5.3.1 (включая)

EPSS

Процентиль: 93%

0.1029

Средний

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rxvj-5mv6-j5mc

CVSS3: 3.5

github

больше 2 лет назад

Cross-site Scripting in Mingsoft MCMS

EPSS

Процентиль: 93%

0.1029

Средний

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79