CVE-2025-2194: MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting
First published: Tue Mar 11 2025(Updated: )
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mrcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2194?
CVE-2025-2194 has been classified as a problematic vulnerability.
How does CVE-2025-2194 affect MRCMS?
CVE-2025-2194 affects the function list of the file /admin/file/list.do in MRCMS, allowing for cross-site scripting due to argument manipulation.
How do I fix CVE-2025-2194?
To fix CVE-2025-2194, ensure that input sanitization is implemented in the affected file to prevent cross-site scripting.
What kind of attack can be performed through CVE-2025-2194?
CVE-2025-2194 allows attackers to perform cross-site scripting attacks by manipulating the argument path.
Which versions of MRCMS are affected by CVE-2025-2194?
CVE-2025-2194 affects MRCMS version 3.1.2.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/severity
- agent/author
- agent/tags
- agent/event
- vendor/mrcms
- canonical/mrcms