Lucene search
K

11 matches found

Veracode
Veracode
added 2025/10/27 11:16 a.m.6 views

Cross-site Scripting (XSS)

net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...

6.1CVSS6.7AI score0.00184EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2024/01/04 1:51 p.m.17 views

SQL Injection

net.mingsoft: ms-mcms is vulnerable to SQL Injection. The vulnerability exists via the category Type parameter within /content/list.do, which allows an attacker to manipulate the backend database by injecting malicious SQL commands...

9.8CVSS7.3AI score0.02222EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/04/27 8:45 a.m.24 views

SQL Injection

net.mingsoft, ms-mcms is vulnerable to SQL Injection. The vulnerability exists because the library does not properly validate the query strings in the basictitle parameter , allowing an attacker to inject and execute malicious SQL queries...

9.8CVSS9.4AI score0.01423EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/02/08 6:46 a.m.17 views

Arbitrary File Write

net.mingsoft:ms-mcms is vulnerable to Arbitrary File Write. An authenticated attacker is able to cause an arbitrary file write via the ms/template/writeFileContent.do component due to unrestricted file upload...

8.8CVSS8.4AI score0.01025EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2022/12/12 7:7 a.m.20 views

SQL Injection

net.mingsoft, ms-mcms is vulnerable to SQL injection. The vulnerability exists due to improper sanitization in the get function of categoryaction.java due to manipulation in the argument sqlWhere, via the /cms/category/list endpoint...

9.8CVSS9.5AI score0.0289EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.41 views

Remote code execution in net.mingsoft:ms-mcms

net.mingsoft:ms-mcms =5.2.5 is affected by: RCE. The impact is: execute arbitrary code remote. The attack vector is: $"freemarker.template.utility.Execute"?new"calc". ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise...

9.8CVSS5AI score0.02077EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/04 12:0 a.m.15 views

GHSA-968C-MM28-JFW4 SQL injection in net.mingsoft:ms-mcms

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...

9.8CVSS9.8AI score0.01064EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.22 views

SQL injection in net.mingsoft:ms-mcms

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...

9.8CVSS4.2AI score0.07734EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2018/10/31 4:19 p.m.22 views

Remote Code Execution (RCE)

ms-mcms is vulnerable to a remote code execution RCE attack. The application does not verify user login statuses, allowing a malicious user to upload jsp files with .png filenames to inject and execute arbitrary JSP code...

9.8CVSS9.8AI score0.01205EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/10/31 8:38 a.m.17 views

Arbitrary File Write

ms-mcms is vulnerable to arbitrary file write attacks. The vulnerability exists in com/mingsoft/cms/action/GeneraterAction.java where the value of the url parameter could be used to specify arbitrary .jsp files to be written...

7.5CVSS7.4AI score0.01543EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/09/24 4:20 a.m.16 views

Cross-Site Request Forgery (CSRF)

ms-mcms is vulnerable to cross-site forgery request. An attacker is able to trick an administrator into visiting a malicious HTML page which adds an administrator account on behalf of the victim...

8.8CVSS8.3AI score0.00572EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder