CVE-2025-60837

Medium CVSS: 6.1

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

Vendor

Mingsoft

Product

Mcms

CWE

CWE-79

Yayın Tarihi

2025-10-23 19:15:50

Güncelleme

2025-10-27 20:13:17

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Mcms MEDIUM Mingsoft 2025

Referanslar

http://mcms.com https://gist.github.com/xuzhiwei66666666/5cec37c9f674a08bc0d8654d42b4137a https://gitee.com/mingSoft/MCMS

Benzer Kayıtlar

Medium

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTem…

Critical

CVE-2025-56316

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remo…

Medium

CVE-2025-60838

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted…

Critical

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary cod…