Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wNDZjLW00ajctbWp2cc4AAwNP
Mingsoft MCMS vulnerable to Cross-site Scripting
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
Permalink: https://github.com/advisories/GHSA-p46c-m4j7-mjvqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNDZjLW00ajctbWp2cc4AAwNP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-p46c-m4j7-mjvq, CVE-2022-4350
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-4350
- https://gitee.com/mingSoft/MCMS/issues/I5MT8Y
- https://vuldb.com/?id.215112
- https://github.com/advisories/GHSA-p46c-m4j7-mjvq
Affected Packages
maven:net.mingsoft:ms-mcms
Dependent packages: 3Dependent repositories: 2
Downloads:
Affected Version Ranges: <= 5.2.8
No known fixed version
All affected versions: 4.6.5, 4.7.1, 4.7.2, 5.0.0, 5.0.1, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8