ReportizFlow
Filtered by vendor Maccms
Subscriptions
Filtered by product Maccms
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32391 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.3 High |
| Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2022-47872 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.8 High |
| A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. | ||||
| CVE-2022-44870 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | ||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 Medium |
| maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | ||||
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-27887 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | ||||
| CVE-2022-27886 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | ||||
| CVE-2022-27885 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | ||||
| CVE-2022-27884 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | ||||
| CVE-2022-26573 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. | ||||
| CVE-2021-45787 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. | ||||
| CVE-2021-45786 | 1 Maccms | 1 Maccms | 2024-11-21 | 9.8 Critical |
| In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | ||||
| CVE-2021-43707 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | ||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | ||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | ||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | ||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists within Maccms10. | ||||
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | ||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | ||||