Browse all 7 CVE security advisories affecting Mingsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mingsoft develops enterprise content management and low-code development platforms used for building business applications. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and access control issues. The company has accumulated 7 CVEs to date, with several critical RCE vulnerabilities allowing unauthorized system compromise. While no major public security incidents have been widely reported, their consistent vulnerability patterns suggest ongoing challenges in secure coding practices, particularly in user input handling and permission management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4954 | mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection — MCMSCWE-89 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-4953 | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery — MCMSCWE-918 | 7.3 | High | 2026-03-27 |
| CVE-2026-2666 | mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload — MCMSCWE-434 | 4.7 | Medium | 2026-02-18 |
| CVE-2023-3990 | Mingsoft MCMS HTTP POST Request search.do cross site scripting — MCMSCWE-79 | 3.5 | Low | 2023-07-28 |
| CVE-2022-4640 | Mingsoft MCMS Article save cross site scripting — MCMSCWE-707 | 3.5 | Low | 2022-12-21 |
| CVE-2022-4375 | Mingsoft MCMS list sql injection — MCMSCWE-707 | 6.3 | Medium | 2022-12-09 |
| CVE-2022-4350 | Mingsoft MCMS search.do cross site scripting — MCMSCWE-707 | 3.5 | Low | 2022-12-08 |
This page lists every published CVE security advisory associated with Mingsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.