{"api_version":"1","generated_at":"2026-06-04T22:35:45+00:00","cve":"CVE-2023-3990","urls":{"html":"https://cve.report/CVE-2023-3990","api":"https://cve.report/api/cve/CVE-2023-3990.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3990","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3990"},"summary":{"title":"CVE-2023-3990","description":"A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-07-28 07:15:00","updated_at":"2023-11-07 04:20:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.235611","name":"https://vuldb.com/?id.235611","refsource":"MISC","tags":[],"title":"CVE-2023-3990: Mingsoft MCMS HTTP POST Request search.do cross site scripting (I7K4DQ)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.235611","name":"https://vuldb.com/?ctiid.235611","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://gitee.com/mingSoft/MCMS/issues/I7K4DQ","name":"https://gitee.com/mingSoft/MCMS/issues/I7K4DQ","refsource":"MISC","tags":[],"title":"政务版存在xss跨站脚本攻击 · Issue #I7K4DQ · 铭飞/MCMS - Gitee.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3990","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3990","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3990","vulnerable":"1","versionEndIncluding":"5.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mingsoft","cpe5":"mcms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3990","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611."},{"lang":"deu","value":"Es wurde eine Schwachstelle in Mingsoft MCMS bis 5.3.1 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei search.do der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments style mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross Site Scripting","cweId":"CWE-79"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mingsoft","product":{"product_data":[{"product_name":"MCMS","version":{"version_data":[{"version_affected":"=","version_value":"5.3.0"},{"version_affected":"=","version_value":"5.3.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.235611","refsource":"MISC","name":"https://vuldb.com/?id.235611"},{"url":"https://vuldb.com/?ctiid.235611","refsource":"MISC","name":"https://vuldb.com/?ctiid.235611"},{"url":"https://gitee.com/mingSoft/MCMS/issues/I7K4DQ","refsource":"MISC","name":"https://gitee.com/mingSoft/MCMS/issues/I7K4DQ"}]},"credits":[{"lang":"en","value":"VulDB Gitee Analyzer"}],"impact":{"cvss":[{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}]}},"nvd":{"publishedDate":"2023-07-28 07:15:00","lastModifiedDate":"2023-11-07 04:20:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}