Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Maccms Subscribe
Filtered by product Maccms
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47872 1 Maccms 1 Maccms 2023-02-08 N/A 8.8 HIGH
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).
CVE-2022-44870 1 Maccms 1 Maccms 2023-01-11 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
CVE-2022-35148 1 Maccms 1 Maccms 2022-08-24 N/A 6.5 MEDIUM
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
CVE-2022-31303 1 Maccms 1 Maccms 2022-06-29 3.5 LOW 5.4 MEDIUM
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVE-2022-31302 1 Maccms 1 Maccms 2022-06-28 3.5 LOW 5.4 MEDIUM
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVE-2021-43707 1 Maccms 1 Maccms 2022-04-06 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
CVE-2022-27884 1 Maccms 1 Maccms 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
CVE-2022-27885 1 Maccms 1 Maccms 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
CVE-2022-27886 1 Maccms 1 Maccms 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
CVE-2022-27887 1 Maccms 1 Maccms 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
CVE-2022-26573 1 Maccms 1 Maccms 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
CVE-2021-45786 1 Maccms 1 Maccms 2022-03-22 7.5 HIGH 9.8 CRITICAL
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
CVE-2021-45787 1 Maccms 1 Maccms 2022-03-22 3.5 LOW 5.4 MEDIUM
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
CVE-2020-21386 1 Maccms 1 Maccms 2021-10-07 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVE-2020-21387 1 Maccms 1 Maccms 2021-10-07 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
CVE-2020-21434 1 Maccms 1 Maccms 2021-10-07 3.5 LOW 5.4 MEDIUM
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
CVE-2020-20514 1 Maccms 1 Maccms 2021-10-01 4.9 MEDIUM 8.1 HIGH
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2020-21081 1 Maccms 1 Maccms 2021-09-24 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-21082 1 Maccms 1 Maccms 2021-09-24 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
CVE-2020-21363 1 Maccms 1 Maccms 2021-08-16 5.5 MEDIUM 6.5 MEDIUM
An arbitrary file deletion vulnerability exists within Maccms10.