Summary

Vulnerability: Cross-Site Scripting (XSS) in Mingsoft MCMS 5.2.9
CVE ID: CVE-2022-4640
VDB ID: VDB-216499
Impact: Problematic - Affects the function of the component
Attack Vector: Remote
Exploit: Publicly available and can be downloaded from gitee.com

Details

Product: Mingsoft MCMS 5.2.9
Component: Article Handler ( function)
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Vulnerability Nature: Manipulation with unknown input leads to XSS
Impact: Affects the integrity of the web page served to other users
Disclosure Date: December 21, 2022
Advisory Source: gitee.com
Technical Information: Proof-of-concept (PoC) exploit available for download
Mitigation: Upgrading the affected component is required

Additional Information

Attack Technique: T1059.007 according to the MITRE ATT&CK framework