CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3990 – Mingsoft MCMS HTTP POST Request search.do cross site scripting
https://notcve.org/view.php?id=CVE-2023-3990
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I7K4DQ https://vuldb.com/?ctiid.235611 https://vuldb.com/?id.235611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27466
https://notcve.org/view.php?id=CVE-2022-27466
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. Se ha detectado que MCMS versión v5.2.27, contiene una vulnerabilidad de inyección SQL en el parámetro orderBy en /dict/list.do • https://github.com/ming-soft/MCMS/issues/90 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •