CVE-2025-4326

Name of the Vulnerable Software and Affected Versions MRCMS version 3.1.2

Description A vulnerability was found in the processing of the file "/admin/chip/add.do" of the component "Add Fragment Page". This issue leads to cross-site scripting and can be initiated remotely. The manipulation of this file can cause the vulnerability to be exploited.

Recommendations For MRCMS version 3.1.2, consider restricting access to the "/admin/chip/add.do" endpoint until a patch is available. As a temporary workaround, avoid using the Add Fragment Page component to minimize the risk of exploitation.