Skip to main content

MRCMS CVE-2025-50581

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-07-18 cve@mitre.org
4.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
4.8 MEDIUM

Admin authentication required (PR:H), victim interaction needed (UI:R), scope changes to other sessions (S:C); no availability impact.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:20 vuln.today

DescriptionCVE.org

MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.

AnalysisAI

Stored cross-site scripting in MRCMS 3.1.2's admin group management endpoint allows an authenticated administrator to inject malicious JavaScript via /admin/group/save.do, which executes in the browser of any other admin who subsequently visits the affected page. The scope-changed CVSS vector (S:C) confirms the impact crosses the security boundary from the injecting session to other users' sessions. A publicly available proof-of-concept exists on GitHub, though EPSS sits at 0.22% (13th percentile), indicating limited observed exploitation activity at time of analysis.

Technical ContextAI

CWE-79 (Improper Neutralization of Input During Web Page Generation) describes the root cause: MRCMS 3.1.2 fails to sanitize or encode user-supplied input before rendering it in the HTML response of the /admin/group/save.do endpoint. The CPE string cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:* pinpoints the exact affected release. The CVSS Scope:Changed metric indicates the vulnerability affects a security context beyond the originating session - classically the symptom of stored XSS where a persisted payload is later rendered to other authenticated users. MRCMS is a Java-based content management system hosted on Gitee (https://gitee.com/marker/MRCMS), suggesting a primarily Chinese-market audience and limited external security vetting.

RemediationAI

No vendor-released patched version has been identified at time of analysis; the NVD references point only to the project repository at https://gitee.com/marker/MRCMS and to the POC issue at https://github.com/SimonKang949/Vulnerabilities/issues/6, not to a tagged fix release. Operators should monitor the Gitee repository for a remediation commit or release. As a compensating control, restrict access to the /admin/group/save.do endpoint to the minimum necessary set of administrator accounts, reducing the pool of potential attackers who can inject payloads. Implementing a Content Security Policy (CSP) header that disallows inline scripts will limit the impact of any XSS payload that does execute, though this does not eliminate the underlying injection flaw. Enabling HTTP-only and Secure flags on session cookies limits the value of session-hijacking payloads. These controls reduce exploit impact but do not remediate the root-cause input validation deficiency.

More in Mrcms

View all
CVE-2024-48177 HIGH POC
8.8 Oct 28

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. Rated high severit

CVE-2024-24161 HIGH POC
7.5 Feb 02

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not fil

CVE-2024-25428 MEDIUM POC
6.5 Feb 20

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.

CVE-2025-25768 MEDIUM POC
5.4 Feb 21

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\D

CVE-2024-24160 MEDIUM POC
5.4 Feb 02

MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. Rated medium severity (CVSS

CVE-2025-4327 MEDIUM POC
5.3 May 06

A vulnerability was found in MRCMS 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2025-4325 MEDIUM POC
4.8 May 06

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vuln

CVE-2025-25766 MEDIUM POC
4.8 Feb 21

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute ar

CVE-2025-4326 MEDIUM POC
4.8 May 06

A vulnerability was found in MRCMS 3.1.2 and classified as problematic.do of the component Add Fragment Page. Rated medi

CVE-2025-4324 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this v

CVE-2025-4323 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), t

CVE-2025-4293 MEDIUM POC
4.8 May 05

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerabi

Share

CVE-2025-50581 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy