CVE-2022-4350

Published: Dec 8, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.

Affected (1)

Products: Mingsoft: Mcms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mingsoft Mcms	Version 5.2.8

Related CWEs

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

References (4)

https://gitee.com/mingSoft/MCMS/issues/I5MT8Y

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?id.215112

Source: cna@vuldb.com

Third Party Advisory

https://gitee.com/mingSoft/MCMS/issues/I5MT8Y

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?id.215112

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.