CVE-2022-4350: Mingsoft MCMS search.do cross site scripting
First published: Thu Dec 08 2022(Updated: )
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mingsoft MCMS | =5.2.8 | |
| =5.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-4350?
The severity of CVE-2022-4350 is medium.
How can I exploit CVE-2022-4350?
CVE-2022-4350 can be exploited remotely through cross-site scripting (XSS) by manipulating the 'content_title' argument in the 'search.do' file.
What is the affected software for CVE-2022-4350?
The affected software for CVE-2022-4350 is Mingsoft MCMS 5.2.8.
Is there a fix available for CVE-2022-4350?
There is no specific fix mentioned for CVE-2022-4350. It is recommended to follow the vendor's advisory or apply any patches or updates if available.
Where can I find more information about CVE-2022-4350?
More information about CVE-2022-4350 can be found at the following references: https://gitee.com/mingSoft/MCMS/issues/I5MT8Y and https://vuldb.com/?id.215112
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/mingsoft
- canonical/mingsoft mcms
- version/mingsoft mcms/5.2.8