What is CVE-2023-3990?

CVE-2023-3990 is a low-severity vulnerability in Mingsoft Mcms, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2023-07-28.

How severe is CVE-2023-3990?

Low severity. CVSS v3 base score is 3.5 out of 10.

XSS in Mingsoft Mcms

CVE-2023-3990

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross sit…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.120 (93.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Mingsoft Mcms — versions 5.3.0, 5.3.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

vuldb.com/ (vdb-entry, technical-description)
vuldb.com/ (signature, permissions-required)
gitee.com/mingSoft/MCMS/issues/I7K4DQ (exploit, issue-tracking)

Frequently asked questions

What is CVE-2023-3990?: CVE-2023-3990 is a low-severity vulnerability in Mingsoft Mcms, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2023-07-28.
How severe is CVE-2023-3990?: Low severity. CVSS v3 base score is 3.5 out of 10.