CNNVD-202510-3213 Information

CNNVD ID

CNNVD-202510-3213

Related CVE

CVE-2025-60837

• CNNVD Published: 2025-10-23

Description (Chinese)

MingSoft MCMS是中国铭飞（MingSoft）公司的一个完整开源的 J2ee 系统。 MingSoft MCMS v6.0.1版本存在安全漏洞，该漏洞源于反射型跨站脚本，可能导致攻击者在用户浏览器环境中执行任意Javascript。

Description (English)

MingSoft MCMS is a complete open-source J2ee system for MinSoft. MingSoft MCMS v.6.0.1 has a security loophole, which stems from a reflector-type cross-site script and may result in the assailants executing any Javascript in the user browser environment.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

铭飞

Published

2025-10-23

Last Modified

2026-02-24

References

http://mcms.com https://gist.github.com/xuzhiwei66666666/5cec37c9f674a08bc0d8654d42b4137a https://gitee.com/mingSoft/MCMS https://access.redhat.com/security/cve/cve-2025-60837