22 matches found
CVE-2026-31272
MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...
CVE-2026-31272
MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...
CVE-2025-4323
A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2025-4327
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints...
CVE-2025-4327
CVE-2025-4327 concerns MRCMS 3.1.2 where an unknown function is susceptible to cross-site request forgery. The vulnerability is described as exploitable remotely, with multiple endpoints potentially affected. Core details such as the affected component/function and root cause are explicitly state...
CVE-2025-4325
A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated...
CVE-2025-4325 MRCMS Category Management Page add.do cross site scripting
A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated...
CVE-2025-4324 MRCMS External Link Management Page edit.do cross site scripting
A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CVE-2025-4324
The CVE concerns MRCMS 3.1.2 and the External Link Management Page (file path: /admin/link/edit.do). The issue is a cross-site scripting (XSS) vulnerability that can be exploited remotely; the exploit has been publicly disclosed. The connected documents provide no confirmed patch version or offic...
CVE-2025-4323 MRCMS Edit Article Page cross site scripting
A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2025-2196
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...
CVE-2025-2196
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...
CVE-2025-2194
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be...
CVE-2025-2195
CVE-2025-2195 affects MRCMS 3.1.2, where the vulnerable component is the rename function in /admin/file/rename.do (org.marker.mushroom.controller.FileController). The manipulation of the name/path argument enables cross-site scripting (XSS); the issue can be exploited remotely and exploitation ha...
CVE-2025-2194
CVE-2025-2194 affects MRCMS 3.1.2: cross-site scripting in the FileController.list.do endpoint caused by manipulating the path parameter. Exploit disclosed; remote initiation possible. Mitigations from PT-2025-10751 include disabling the /admin/file/list.do function or restricting access, and avo...
CVE-2025-2193
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...
CVE-2025-2193
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...
CVE-2025-2193 MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...
CVE-2024-48177
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...
CVE-2024-48177
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...