CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4325: MRCMS Category Management Page add.do cross site scripting

4.8 CVSS

Description

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In MRCMS 3.1.2 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalität der Datei /admin/category/add.do der Komponente Category Management Page. Durch das Beeinflussen des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-4325

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem Types

Cross Site Scripting Code Injection

Affected Products

Vendor: n/a

Product: MRCMS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.04% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4325
https://vuldb.com/?id.307426
https://vuldb.com/?ctiid.307426
https://vuldb.com/?submit.563545
https://github.com/bdkuzma/vuln/issues/6

Timeline

2025-05-06 07:40:10 UTC
CVE

MRCMS Category Management Page add.do cross site scripting