{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4324","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-05T14:54:52.796Z","datePublished":"2025-05-06T05:31:04.366Z","dateUpdated":"2025-05-06T13:52:14.807Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-06T05:31:04.366Z"},"title":"MRCMS External Link Management Page edit.do cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"n/a","product":"MRCMS","versions":[{"version":"3.1.2","status":"affected"}],"modules":["External Link Management Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine problematische Schwachstelle in MRCMS 3.1.2 gefunden. Es betrifft eine unbekannte Funktion der Datei /admin/link/edit.do der Komponente External Link Management Page. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-05-05T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-05T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-05T17:00:08.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"baihekuz (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.307425","name":"VDB-307425 | MRCMS External Link Management Page edit.do cross site scripting","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.307425","name":"VDB-307425 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.563543","name":"Submit #563543 | http://www.mrcms.cn/ mrcms 3.1.2 Stored Cross-Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/bdkuzma/vuln/issues/4","tags":["exploit","issue-tracking"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-06T13:52:03.671019Z","id":"CVE-2025-4324","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-06T13:52:14.807Z"}}]}}