Description
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

The flaw is an unsanitized user‑supplied argument in the Search field of an internal admin page that allows the injection of arbitrary script code. When an attacker succeeds, the malicious script runs in the browser context of any user that views the page, enabling theft of session cookies, defacement, or further phishing. The weakness is a classic reflected XSS (CWE‑79) with an added possibility of arbitrary code execution via reflection (CWE‑94).

Affected Systems

The vulnerability is present in dameng100 muucmf version 1.9.5.20260309. The affected component is the /admin/Member/index.html page, specifically an unknown function that processes the Search query. No other versions or builds are listed, and the vendor did not announce a fix.

Risk and Exploitability

The CVSS 4.0 score of 5.3 (Medium) suggests moderate client‑side impact. Attackers can trigger it remotely without authentication, making the weakness widely exploitable, although the CVSS vectors recorded for this CVE indicate that user interaction is required (UI:R in v3.x, UI:P in v4.0). No EPSS value is published, and the issue is not listed in the KEV catalog. Since the vendor has not released a patch, the risk remains until a new release or a manual mitigation is applied. The attacker could compromise the confidentiality and integrity of the user session in the affected system.

Generated by OpenCVE AI on March 26, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Seek the latest version of dameng100 muucmf that includes a patch for the XSS flaw
  • If a patch is unavailable, restrict or disable access to the /admin/Member/index.html page from untrusted hosts
  • Implement server‑side validation or sanitization of the Search parameter before rendering it in responses

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dameng100; Dameng100 muucmf
Vendors & Products | | Dameng100; Dameng100 muucmf

Thu, 26 Mar 2026 06:00:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | dameng100 muucmf index.html cross site scripting
Weaknesses | | CWE-79; CWE-94
References | |
Metrics | | cvssV2_0 {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0 {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-26T13:54:43.815Z

Reserved: 2026-03-25T14:51:22.498Z

Link: CVE-2026-4845

Vulnrichment

Updated: 2026-03-26T13:54:38.915Z

NVD

Status: Deferred

Published: 2026-03-26T06:16:09.533

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-4845

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:08:28Z

Weaknesses