Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.
AnalysisAI
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. Affected products include: Mrcms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. Rated high severit
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not fil
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\D
A vulnerability was found in MRCMS 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,
A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vuln
Stored cross-site scripting in MRCMS 3.1.2's admin group management endpoint allows an authenticated administrator to in
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute ar
A vulnerability was found in MRCMS 3.1.2 and classified as problematic.do of the component Add Fragment Page. Rated medi
A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this v
A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), t
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerabi
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today