CVE-2025-4324: MRCMS External Link Management Page edit.do cross site scripting
First published: Tue May 06 2025(Updated: )
A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mrcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4324?
CVE-2025-4324 is classified as problematic due to its potential for cross-site scripting attacks.
What components are affected by CVE-2025-4324?
CVE-2025-4324 specifically affects the External Link Management Page in MRCMS version 3.1.2.
How can I mitigate CVE-2025-4324?
To mitigate CVE-2025-4324, it is recommended to sanitize user inputs on the /admin/link/edit.do page.
What types of attacks can be initiated due to CVE-2025-4324?
CVE-2025-4324 allows for cross-site scripting attacks, which could potentially lead to unauthorized actions on behalf of users.
Is CVE-2025-4324 exploitable remotely?
Yes, CVE-2025-4324 can be exploited remotely, allowing attackers to inject malicious scripts.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/mrcms
- canonical/mrcms