Home > Vulnerability Database > CVE-2022-4350

Mend.io Vulnerability Database

CVE-2022-4350

Date: December 7, 2022

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.

Language: Java

Severity Score

3.5

Related Resources (5)

Url: https://vuldb.com/?id.215112

Url: https://github.com/ming-soft/MCMS

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4350

Url: https://gitee.com/mingSoft/MCMS/issues/I5MT8Y

Url: https://www.mend.io/vulnerability-database/CVE-2022-4350

Severity Score

3.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization

CWE-707

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4350

Date: December 7, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?