Filtered by vendor Maccms Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-21082 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
CVE-2020-21081 1 Maccms 1 Maccms 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-20514 1 Maccms 1 Maccms 2024-11-21 8.1 High
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2019-9829 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
CVE-2019-8410 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
CVE-2018-19465 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVE-2018-12114 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2017-17733 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.
CVE-2024-46654 1 Maccms 1 Maccms 2024-09-26 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.