CVE-2023-3990
Cross-site Scripting in Mingsoft MCMS
3.5
LOW
CVSS 3.1
EPSS 12.0%
Description
A Cross-site Scripting vulnerability has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
How to fix CVE-2023-3990
To remediate CVE-2023-3990, upgrade the affected package to a fixed version below.
- —upgrade to 5.3.2 or later
Is CVE-2023-3990 being exploited?
Moderate — EPSS is 12.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 5.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |