CVE-2023-3990

LOW NUCLEI

Mingsoft Mcms < 5.3.1 - XSS

Title source: rule

Description

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

Exploits (1)

gitee 32,018 stars

by mingSoft · javawriteup

https://gitee.com/mingSoft/MCMS/issues/I7K4DQ

Nuclei Templates (1)

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

MEDIUMby ritikchaddha

Shodan: http.favicon.hash:1464851260

FOFA: icon_hash="1464851260"

References (3)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/mingSoft/MCMS/issues/I7K4DQ

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.235611

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.235611

Scores

CVSS v3 3.5

EPSS 0.1029

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

mingsoft/mcms < 5.3.1

net.mingsoft/ms-mcms < 5.3.2Maven

Timeline

Published Jul 28, 2023

Tracked Since Feb 18, 2026