CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mingsoft: >> Mcms >> 6.0.1 Security Vulnerabilities

CVE-2025-60837

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

CVSS Score

6.1

EPSS Score

0.0

Published

2025-10-23

CVE-2025-56316

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.

CVSS Score

9.8

EPSS Score

0.001

Published

2025-10-17

CVE-2025-60838

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS Score

6.5

EPSS Score

0.001

Published

2025-10-10

Page 1

Vulnerabilities

Vulnerable Software

Mingsoft: >> Mcms >> 6.0.1 Security Vulnerabilities

Products

Pricing

Contact Us