CVE-2025-4324
MRCMS External Link Management Page edit.do cross site scripting
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
06 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
n/a · MRCMS