How CVE-2025-2196 Works
The vulnerability exists in MRCMS 3.1.2 within the file upload function (`/admin/file/upload.do`) of the `FileController` component. Attackers can exploit the `path` parameter to inject malicious JavaScript payloads due to insufficient input sanitization. When an admin user accesses the compromised file path, the script executes in their browser session, potentially leading to session hijacking, unauthorized actions, or data theft. The attack is remote and requires low privileges, with a CVSS 4.0 score of 5.1 (Medium).
DailyCVE Form
Platform: MRCMS
Version: 3.1.2
Vulnerability: XSS
Severity: Medium
Date: 03/11/2025
What Undercode Say:
Exploitation
1. Payload Injection:
POST /admin/file/upload.do HTTP/1.1
Host: target.com
Content-Type: multipart/form-data
...
path=<script>alert(document.cookie)</script>
2. Stored XSS Trigger:
GET /admin/file/view?path=malicious_upload.jsp HTTP/1.1
Protection
1. Input Sanitization:
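// Java (Spring) example
import org.owasp.esapi.ESAPI;
// HTML-encode the value before it is rendered in an HTML body context
String sanitizedPath = ESAPI.encoder().encodeForHTML(path);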
2. Content Security Policy (CSP):
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
3. WAF Rules:
location /admin/file/ {
    modsecurity_rules 'SecRule ARGS:path "@rx <script>" "id:1001,deny,status:403"';
}
4. Patch Verification:
curl -I http://target.com/admin/file/upload.do | grep "X-XSS-Protection"
5. Log Monitoring:
grep "path=.script" /var/log/mrcms/access.log
6. Vendor Fix:
Upgrade to MRCMS 3.1.3+ (if patched).
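The grep in the log-monitoring step matches only a literal, unencoded payload. As an added example (not from the original page or from MRCMS), this Python scanner percent-decodes the `path` query parameter of requests under /admin/file/ before checking it for markup. It assumes a combined-format access log, uses constructed sample lines, and sees only query-string values, since request bodies are not written to access logs.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.+?) HTTP/[\d.]+"')
# Characters and schemes that do not belong in a file path value.
SUSPICIOUS_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path_params(log_lines, prefix="/admin/file/"):
    """Return (line_number, decoded_value) for each request under `prefix`
    whose `path` query parameter contains markup once decoded."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.startswith(prefix):
            continue
        # parse_qsl decodes one layer; fully_decode peels any further layers.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == "path" and SUSPICIOUS_RE.search(fully_decode(value)):
                hits.append((number, fully_decode(value)))
    return hits


# Constructed sample lines for illustration (not from a real MRCMS log).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Mar/2025:10:00:01 +0000] "GET /admin/file/view?path=/upload/images HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Mar/2025:10:02:17 +0000] "POST /admin/file/upload.do?path=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 87',
    '203.0.113.9 - - [11/Mar/2025:10:02:40 +0000] "GET /admin/file/view?path=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 301',
    '198.51.100.7 - - [11/Mar/2025:10:03:02 +0000] "GET /index.html?path=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, value in suspicious_path_params(SAMPLE_LOG):
        print(f"line {number}: path={value!r}")
```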
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2196