Filtered by vendor Maccms
Subscribe
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26573 | 1 Maccms | 1 Maccms | 2026-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
|
|||||
| CVE-2025-10397 | 1 Maccms | 1 Maccms | 2025-10-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-10395 | 1 Maccms | 1 Maccms | 2025-10-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.
|
|||||
| CVE-2025-10122 | 1 Maccms | 1 Maccms | 2025-10-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-45475 | 1 Maccms | 1 Maccms | 2025-06-24 | N/A | 5.4 MEDIUM |
|
maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.
|
|||||
| CVE-2025-45474 | 1 Maccms | 1 Maccms | 2025-06-19 | N/A | 7.3 HIGH |
|
maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
|
|||||
| CVE-2024-32391 | 1 Maccms | 1 Maccms | 2025-04-30 | N/A | 7.3 HIGH |
|
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.
|
|||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2017-17733 | 1 Maccms | 1 Maccms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.
|
|||||
| CVE-2022-44870 | 1 Maccms | 1 Maccms | 2025-04-09 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
|
|||||
| CVE-2025-28089 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
|
|||||
| CVE-2025-28090 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
|
|||||
| CVE-2025-28091 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
|
|||||
| CVE-2022-47872 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A | 8.8 HIGH |
|
A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.
|
|||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
|
|||||
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
|
|||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
|
|||||
| CVE-2022-27887 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
|
|||||
| CVE-2022-27886 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
|
|||||
| CVE-2022-27885 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
|
|||||
| CVE-2022-27884 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
|
|||||
| CVE-2021-45787 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
|
|||||
| CVE-2021-45786 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
|
|||||
| CVE-2021-43707 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
|
|||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
|
|||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
|
|||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
|
|||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability exists within Maccms10.
|
|||||
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
|
|||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
|
|||||
| CVE-2020-21082 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
|
|||||
| CVE-2020-21081 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
|
|||||
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
|
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
|
|||||
| CVE-2019-9829 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
|
|||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
|
|||||
| CVE-2018-19465 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
|
|||||
| CVE-2018-12114 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
|
|||||