Lucene search
K

11 matches found

EUVD
EUVD
added 2026/03/30 6:31 p.m.2 views

EUVD-2026-17129

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References3
CVE
CVE
added 2025/07/18 12:0 a.m.22 views

CVE-2025-50581

Summary: CVE-2025-50581 affects MRCMS v3.1.2 and is described as a cross-site scripting (XSS) vulnerability in the /admin/group/save.do component. What’s affected: MRCMS v3.1.2 (web application) as per multiple sources in the connected data. Vulnerability details: XSS via the /admin/group/save.do...

4.8CVSS6.3AI score0.00188EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/07/18 12:0 a.m.5 views

CVE-2025-50581

MRCMS v3.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/group/save.do...

4.8CVSS6.2AI score0.00188EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.8 views

PT-2025-19838 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability has been found in the Category Management Page component, affecting unknown code of the file /admin/category/add.do. The manipulation of the Name argument leads to cross-site scripting. The...

4.8CVSS3.6AI score0.00315EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.9 views

PT-2025-19836 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problematic issue has been found in the Edit Article Page component. The manipulation of the Title argument leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed ...

5.4CVSS3.2AI score0.0026EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/03/11 12:0 a.m.8 views

PT-2025-10752 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problem was found in the rename function of the /admin/file/rename.do file in the org.marker.mushroom.controller.FileController component. The manipulation of the name/path argument leads to cross-site...

6.1CVSS4AI score0.00311EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/03/11 12:0 a.m.5 views

PT-2025-10751 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function list of the file "/admin/file/list.do" of the component org.marker.mushroom.controller.FileController. The manipulation of the path argument leads to cross-site...

6.1CVSS3.5AI score0.00311EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/02/23 12:22 a.m.18 views

CVE-2025-25766

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

4.8CVSS7.7AI score0.00296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/23 12:21 a.m.7 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

4CVSS7.5AI score0.00179EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/21 12:0 a.m.6 views

CVE-2025-25768

MRCMS v3.1.2 was discovered to contain a server-side template injection SSTI vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

6.2AI score0.00326EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.5 views

PT-2025-7574 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue is related to a server-side template injection SSTI vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. It is located in the component...

5.4CVSS8AI score0.00326EPSS
Exploits1References5
Rows per page
Query Builder