Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-3990 PoC — MingSoft MCMS 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-3990.yaml
Associated Vulnerability
Title:MingSoft MCMS 跨站脚本漏洞 (CVE-2023-3990)
Description:MingSoft MCMS是中国铭飞(MingSoft)公司的一个完整开源的 J2ee 系统。 Mingsoft MCMS 5.3.1及之前版本存在跨站脚本漏洞,该漏洞源于文件search.do的参数style会导致跨站脚本。
Description
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
File Snapshot

 id: CVE-2023-3990

info:
  name: Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
  author: ritikchaddha

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.