CVE-2025-4325: MRCMS Category Management Page add.do cross site scripting
First published: Tue May 06 2025(Updated: )
A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mrcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4325?
CVE-2025-4325 is classified as a problematic vulnerability affecting MRCMS 3.1.2.
How do I fix CVE-2025-4325?
To fix CVE-2025-4325, ensure that you validate and sanitize user input on the /admin/category/add.do page.
What type of vulnerability is CVE-2025-4325?
CVE-2025-4325 is a cross site scripting (XSS) vulnerability.
Which component is affected by CVE-2025-4325?
CVE-2025-4325 affects the Category Management Page component of MRCMS.
What is the potential impact of CVE-2025-4325?
The potential impact of CVE-2025-4325 includes unauthorized script execution in a user's browser.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/mrcms
- canonical/mrcms