CVE-2022-4640

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.

Published: Dec 21, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-4640
GHSA: GHSA-6rvv-h8g7-728w
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-74
CWE-79
CWE-707

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mingsoft / mcms	5.2.9	5.2.9.x
net.mingsoft / ms-mcms	-	5.2.9.x

https://gitee.com/mingSoft/MCMS/issues/I65KI5
https://vuldb.com/?id.216499

Vulnerability Database

CVE-2022-4640

Deep Security Visibility Without the Complexity