CVE-2025-60837

Name of the Vulnerable Software and Affected Versions MCMS version 6.0.1

Description A reflected cross-site scripting (XSS) issue exists in MCMS version 6.0.1. This allows attackers to execute arbitrary Javascript in the context of a user’s browser through a crafted payload. The attack vector involves a reflected XSS, meaning the malicious script is triggered when a user interacts with a specially crafted link or form.

Recommendations Update MCMS to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.