CVE-2023-3990
Summary
| CVE | CVE-2023-3990 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-28 07:15:00 UTC |
| Updated | 2023-11-07 04:20:00 UTC |
| Description | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-3990: Mingsoft MCMS HTTP POST Request search.do cross site scripting (I7K4DQ) | MISC | vuldb.com | |
| Login required | MISC | vuldb.com | |
| 政务版存在xss跨站脚本攻击 · Issue #I7K4DQ · 铭飞/MCMS - Gitee.com | MISC | gitee.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.