CVE-2025-4326: MRCMS Add Fragment Page add.do cross site scripting
First published: Tue May 06 2025(Updated: )
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mrcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4326?
CVE-2025-4326 is classified as a problematic vulnerability affecting MRCMS 3.1.2.
How do I fix CVE-2025-4326?
To fix CVE-2025-4326, update MRCMS to the latest version provided by the vendor.
What types of attack can be executed through CVE-2025-4326?
CVE-2025-4326 allows for cross site scripting attacks that can be initiated remotely.
Which component is affected by CVE-2025-4326?
CVE-2025-4326 affects the Add Fragment Page of MRCMS found at /admin/chip/add.do.
Is CVE-2025-4326 easy to exploit?
Yes, CVE-2025-4326 can be exploited remotely, making it a concerning vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/type
- agent/title
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/mrcms
- canonical/mrcms