Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
maccms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-27885
Maccms v10 exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
Maccms Maccms 10.0
6.1
CVSSv3
CVE-2022-27887
Maccms v10 exists to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
Maccms Maccms 10.0
6.1
CVSSv3
CVE-2022-44870
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
Maccms Maccms 10.0
2 Github repositories
6.1
CVSSv3
CVE-2022-26573
Maccms v10 exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
Maccms Maccms 10.0
5.4
CVSSv3
CVE-2021-45787
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
Maccms Maccms 10.0
9.8
CVSSv3
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
Maccms Maccms 10.0
8.8
CVSSv3
CVE-2019-9829
Maccms 10 allows remote malicious users to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
Maccms Maccms 10.0
NA
CVE-2024-32391
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote malicious user to execute arbitrary code via a crafted payload.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3