CVE-2025-60837: MCMS reflected cross-site scripting (XSS) vulnerability

October 23, 2025

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user’s browser via a crafted payload.

References

gist.github.com/xuzhiwei66666666/5cec37c9f674a08bc0d8654d42b4137a
gitee.com/mingSoft/MCMS
github.com/advisories/GHSA-wvv5-5g6x-hp7j
github.com/ming-soft/MCMS
nvd.nist.gov/vuln/detail/CVE-2025-60837

Code Behaviors & Features

Detect and mitigate CVE-2025-60837 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →