Mingsoft: community verdicts
3 notable / known-exploited Mingsoft CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Mingsoft CVE, see NVD ↗.
- CVE-2025-29287CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2025-60838MED 6.5EPSS 0%
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2025-60837MED 6.1EPSS 0%
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.