Latest CVEs
The 15 most recently published vulnerabilities affecting mrcms.
- CVE-2026-31272: MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct ad... (score 9.8)
- CVE-2026-29909: MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validatio... (score 5.3)
- CVE-2025-50581: MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do. (score 4.8)
- CVE-2025-4327: MRCMS cross-site request forgery (score 4.3)
- CVE-2025-4326: MRCMS Add Fragment Page add.do cross site scripting (score 2.4)
- CVE-2025-4325: MRCMS Category Management Page add.do cross site scripting (score 2.4)
- CVE-2025-4324: MRCMS External Link Management Page edit.do cross site scripting (score 2.4)
- CVE-2025-4323: MRCMS Edit Article Page cross site scripting (score 2.4)
- CVE-2025-4293: MRCMS Group Edit Page edit.do cross site scripting (score 2.4)
- CVE-2025-4292: MRCMS Edit User Page edit.do cross site scripting (score 2.4)
- CVE-2025-2196: MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting (score 3.5)
- CVE-2025-2195: MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting (score 3.5)
- CVE-2025-2194: MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting (score 3.5)
- CVE-2025-2193: MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal (score 5.4)
- CVE-2025-25768: MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitra... (score 5.4)