MRCMS Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in MRCMS version 3.1.2. A remote attacker can abuse a user's logged-in session so that requests are performed on that user's behalf without their intent. Such actions could include leaking user information, tampering with accounts, or unintentionally triggering sensitive operations.

Impact

Exploitation of this vulnerability could result in unauthorized actions being performed on behalf of the user, potentially leading to account tampering or unintentional execution of sensitive operations.

Remediation

To address this CSRF vulnerability, verify the source of requests by checking the Referer or Origin headers, use CSRF tokens, set the SameSite attribute on cookies, and require additional authentication for sensitive actions.
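
The first three controls above combined into one server-side check, as an added example (not MRCMS code). The origin `https://cms.example.test`, the `SESSIONID` cookie name and all function names are assumptions, and header names are assumed to arrive in the casing shown.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://cms.example.test"  # assumed site origin (constructed)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # must never change state


def session_cookie(session_id):
    """Set-Cookie value; SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"SESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def _mac(key, session_id, nonce):
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(key, session_id):
    """CSRF token bound to one session: random nonce plus HMAC over both."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(key, session_id, nonce)}"


def token_valid(key, session_id, token):
    nonce, _, mac = (token or "").partition(".")
    expected = _mac(key, session_id, nonce)
    return bool(nonce) and hmac.compare_digest(mac.encode(), expected.encode())


def source_origin(headers):
    """Origin if present, otherwise the scheme://host part of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" if ref.scheme and ref.netloc else None


def check_request(method, headers, session_id, form_token, key):
    """Return (allowed, reason) for a request that carries a session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = source_origin(headers)
    if origin is None:  # strict choice: unverifiable source is refused
        return False, "no Origin or Referer"
    if origin != ALLOWED_ORIGIN:
        return False, "cross-site origin"
    if not token_valid(key, session_id, form_token):
        return False, "bad or missing CSRF token"
    return True, "ok"
```

The check only protects state-changing handlers if those handlers refuse the methods listed in `SAFE_METHODS`.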

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 7.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.