CVE-2022-4350 – net.mingsoft:ms-mcms

Package

Manager: maven
Name: net.mingsoft:ms-mcms
Vulnerable Version: >=0 <=5.2.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00075 pctl0.23195

Details

Mingsoft MCMS vulnerable to Cross-site Scripting A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.

Metadata

Created: 2022-12-08T12:30:26Z
Modified: 2022-12-08T15:16:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-p46c-m4j7-mjvq/GHSA-p46c-m4j7-mjvq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p46c-m4j7-mjvq
Finding: F008
Auto approve: 1