Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 5:0 a.m.6 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

9.8CVSS5.9AI score0.00577EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.5 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

5.9AI score0.00577EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/08 5:5 a.m.19 views

CVE-2025-4323

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has...

5.4CVSS6.2AI score0.0025EPSS
Exploits1References1
OSV
OSV
added 2025/05/06 7:15 a.m.3 views

CVE-2025-4327

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints...

5.3CVSS7AI score
Exploits0References4
CVE
CVE
added 2025/05/06 6:31 a.m.55 views

CVE-2025-4327

CVE-2025-4327 concerns MRCMS 3.1.2 where an unknown function is susceptible to cross-site request forgery. The vulnerability is described as exploitable remotely, with multiple endpoints potentially affected. Core details such as the affected component/function and root cause are explicitly state...

5.3CVSS4.7AI score0.00233EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/05/06 6:15 a.m.21 views

CVE-2025-4325

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated...

4.8CVSS0.00303EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/06 6:0 a.m.24 views

CVE-2025-4325 MRCMS Category Management Page add.do cross site scripting

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated...

4.8CVSS0.00303EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/06 5:31 a.m.32 views

CVE-2025-4324 MRCMS External Link Management Page edit.do cross site scripting

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

4.8CVSS0.0025EPSS
Exploits1References4
CVE
CVE
added 2025/05/06 5:31 a.m.55 views

CVE-2025-4324

The CVE concerns MRCMS 3.1.2 and the External Link Management Page (file path: /admin/link/edit.do). The issue is a cross-site scripting (XSS) vulnerability that can be exploited remotely; the exploit has been publicly disclosed. The connected documents provide no confirmed patch version or offic...

5.4CVSS3.4AI score0.0025EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/05/06 5:0 a.m.24 views

CVE-2025-4323 MRCMS Edit Article Page cross site scripting

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has...

4.8CVSS0.0025EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/14 9:5 a.m.8 views

CVE-2025-2196

A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...

6.1CVSS3.8AI score0.00351EPSS
Exploits1References1
OSV
OSV
added 2025/03/11 2:15 p.m.8 views

CVE-2025-2196

A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...

6.1CVSS6AI score
Exploits0References4
NVD
NVD
added 2025/03/11 2:15 p.m.15 views

CVE-2025-2194

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be...

6.1CVSS0.00311EPSS
Exploits1References4
CVE
CVE
added 2025/03/11 1:31 p.m.59 views

CVE-2025-2195

CVE-2025-2195 affects MRCMS 3.1.2, where the vulnerable component is the rename function in /admin/file/rename.do (org.marker.mushroom.controller.FileController). The manipulation of the name/path argument enables cross-site scripting (XSS); the issue can be exploited remotely and exploitation ha...

6.1CVSS3.6AI score0.00311EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/03/11 1:31 p.m.52 views

CVE-2025-2194

CVE-2025-2194 affects MRCMS 3.1.2: cross-site scripting in the FileController.list.do endpoint caused by manipulating the path parameter. Exploit disclosed; remote initiation possible. Mitigations from PT-2025-10751 include disabling the /admin/file/list.do function or restricting access, and avo...

6.1CVSS3.6AI score0.00311EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/03/11 1:15 p.m.15 views

CVE-2025-2193

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...

8.1CVSS0.00709EPSS
Exploits1References4
OSV
OSV
added 2025/03/11 1:15 p.m.5 views

CVE-2025-2193

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...

8.1CVSS6.6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/11 1:0 p.m.16 views

CVE-2025-2193 MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...

5.5CVSS5.5AI score0.00709EPSS
Exploits1References4
NVD
NVD
added 2024/10/28 9:15 p.m.9 views

CVE-2024-48177

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...

8.8CVSS0.00416EPSS
Exploits1References1
OSV
OSV
added 2024/10/28 9:15 p.m.5 views

CVE-2024-48177

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...

8.8CVSS7.9AI score
Exploits0References1
Rows per page
Query Builder