MRCMS Stored Cross-Site Scripting Vulnerability in Category Management Page

Vulnerability

A stored cross-site scripting vulnerability has been identified in MRCMS version 3.1.2 in the Category Management Page at '/admin/category/add.do'. The 'Name' parameter of the category-creation request is stored by the application and later written into pages without adequate encoding, so an attacker who can reach this endpoint can inject script that runs in the browser of any user who later views the stored category. The issue has been publicly disclosed. Successful exploitation could be used to steal session data or other sensitive information, alter page content, or deliver malware to visitors of the affected site.

Impact

Exploitation of this vulnerability results in stored cross-site scripting: the injected script is persisted by the application and executed in the browser of any user who views the affected category, with the privileges of that user's MRCMS session.

Remediation

It is recommended to validate and filter the 'Name' input on the server side (for example, enforce a length limit and reject control characters) and to apply HTML entity encoding to the stored value wherever it is written into a page, using the encoding appropriate to the context (element text or quoted attribute value). Output encoding is the control that closes the issue; input filtering on its own is easily bypassed and should be treated as defence in depth.
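The two controls described above, as an added example written for this page rather than code from MRCMS (Python is used so the behaviour can be run stand-alone): a row template that writes the stored name unencoded, the same template with HTML entity encoding, a length and control-character input check, and a naive blocklist filter included to show why filtering alone does not close the issue. The row template, the sample names and the 64-character limit are constructed for the demonstration and are not taken from the advisory.

```python
import html
import re

MAX_NAME_LEN = 64  # assumed limit for the demonstration

# Constructed sample inputs for the demonstration; they are not from the advisory.
BENIGN_NAME = "Hardware & Tools"
PAYLOADS = [
    "<script>alert(document.cookie)</script>",
    '<img src=x onerror="alert(1)">',       # survives a filter that only knows <script>
    '" onmouseover="alert(1)',              # closes a quoted attribute, adds a handler
]


def naive_blocklist_filter(name: str) -> str:
    """A typical but inadequate input 'filter': it only strips literal <script> tags."""
    return re.sub(r"</?script[^>]*>", "", name, flags=re.IGNORECASE)


def validate_name(name: str) -> bool:
    """Server-side input validation: length bound and no control characters.
    It does not reject '<', '"' or '&', which a legitimate category name may
    contain, so on its own it is not the XSS fix."""
    return 1 <= len(name) <= MAX_NAME_LEN and not re.search(r"[\x00-\x1f\x7f]", name)


def render_row_vulnerable(name: str) -> str:
    """Writes the stored name into the page unencoded (the flaw class in the advisory)."""
    return f'<tr data-name="{name}"><td>{name}</td></tr>'


def render_row_hardened(name: str) -> str:
    """HTML-entity encodes the name for both contexts it lands in, element text and a
    quoted attribute value; html.escape(quote=True) encodes & < > " and '."""
    enc = html.escape(name, quote=True)
    return f'<tr data-name="{enc}"><td>{enc}</td></tr>'


# Markup the template itself contributes; anything beyond this came from the data.
_TEMPLATE_LT = render_row_vulnerable("").count("<")
_TEMPLATE_QUOTES = render_row_vulnerable("").count('"')


def injected_markup(rendered: str) -> bool:
    """True if the rendered row contains more tag openers or quotes than the template,
    i.e. the value opened a tag or broke out of the attribute."""
    return rendered.count("<") > _TEMPLATE_LT or rendered.count('"') > _TEMPLATE_QUOTES


def check(name: str) -> dict:
    """Runs one value through the three strategies and reports which ones leak markup."""
    return {
        "valid": validate_name(name),
        "raw_leaks": injected_markup(render_row_vulnerable(name)),
        "filter_only_leaks": injected_markup(render_row_vulnerable(naive_blocklist_filter(name))),
        "encoded_leaks": injected_markup(render_row_hardened(name)),
    }


if __name__ == "__main__":
    for n in [BENIGN_NAME] + PAYLOADS:
        print(repr(n), check(n))
```

Running the block shows that every payload passes the length check, that the blocklist filter stops only the literal `<script>` case, and that the encoded template leaks nothing for any of them while still displaying the benign name correctly (as `Hardware &amp; Tools`). A fix in the application should apply the encoding in the view layer for every place the category name is rendered, not only on the page named in the advisory.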

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 6.5
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.