Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
maccms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-19465
Maccms up to and including 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Maccms Maccms
4.3
CVSSv2
CVE-2019-8410
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
Maccms Maccms
5.5
CVSSv2
CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2021-43707
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2022-27885
Maccms v10 exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2022-27886
Maccms v10 exists to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2022-27884
Maccms v10 exists to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
Maccms Maccms 10.0
NA
CVE-2022-47872
A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows malicious users to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.
Maccms Maccms 10.0
1 Github repository
3.5
CVSSv2
CVE-2022-31303
maccms10 exists to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
Maccms Maccms 10.0
6.8
CVSSv2
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »