17 matches found
CVE-2023-3990
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2022-4350 Mingsoft MCMS search.do cross site scripting
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument contenttitle leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed ...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.2.8, which stems from the manipulation of the contenttitle parameter by an unknown function in the search.do file, leading to cross-site scripting. The attack meth...
SQL injection in net.mingsoft:ms-mcms
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
GHSA-968C-MM28-JFW4 SQL injection in net.mingsoft:ms-mcms
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
MingSoft Mcms SQL Injection Vulnerability (CNVD-2022-18534)
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...
CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp...
CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp...
CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
Sql injection
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
Sql injection
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp...
CVE-2022-25125
MCMS v5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can potentially obtain sensitive information, modify data, or execute unauthorized administrative operations in the context of the affected site. CVSS details indicate a high/chary ...
CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp...
CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
Cross site scripting
Cross-site scripting XSS vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-2343
The provided documents identify CVE-2006-2343 as a cross-site scripting (XSS) vulnerability in ManageEngine OpManager 6.0, affecting the Search.do path via the searchTerm parameter. The root cause is improper handling of user-supplied input leading to injected web script/HTML. Impact is remote co...