All 7 CVE vulnerabilities found in MCMS, with AI-generated Chinese analysis, references, and POCs.
Vendor: Mingsoft
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4954 | mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection CWE-89 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-4953 | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery CWE-918 | 7.3 | High | 2026-03-27 |
| CVE-2026-2666 | mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload CWE-434 | 4.7 | Medium | 2026-02-18 |
| CVE-2023-3990 | Mingsoft MCMS HTTP POST Request search.do cross site scripting CWE-79 | 3.5 | Low | 2023-07-28 |
| CVE-2022-4640 | Mingsoft MCMS Article save cross site scripting CWE-707 | 3.5 | Low | 2022-12-21 |
| CVE-2022-4375 | Mingsoft MCMS list sql injection CWE-707 | 6.3 | Medium | 2022-12-09 |
| CVE-2022-4350 | Mingsoft MCMS search.do cross site scripting CWE-707 | 3.5 | Low | 2022-12-08 |
All 7 known CVE vulnerabilities affecting MCMS with full Chinese analysis, references, and POCs where available.