[MAVEN:GHSA-P46C-M4J7-MJVQ] Mingsoft MCMS vulnerable to Cross-site Scripting

Severity Moderate

Affected Packages 1

CVEs 1

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.

Package	Affected Version
pkg:maven/net.mingsoft/ms-mcms	<= 5.2.8

ID: MAVEN:GHSA-P46C-M4J7-MJVQ
Severity: moderate
URL: https://github.com/advisories/GHSA-p46c-m4j7-mjvq
Published: 2022-12-08T12:30:26
(21 months ago)
Modified: 2023-02-02T05:02:56
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-4350
			https://gitee.com/mingSoft/MCMS/issues/I5MT8Y
			https://vuldb.com/?id.215112
			https://github.com/advisories/GHSA-p46c-m4j7-mjvq

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/net.mingsoft/ms-mcms	net.mingsoft	ms-mcms	<= 5.2.8

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date