Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
maccms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-19465
Maccms up to and including 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Maccms Maccms
6.1
CVSSv3
CVE-2019-8410
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
Maccms Maccms
6.1
CVSSv3
CVE-2022-26573
Maccms v10 exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
Maccms Maccms 10.0
8.8
CVSSv3
CVE-2022-47872
A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows malicious users to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.
Maccms Maccms 10.0
1 Github repository
6.1
CVSSv3
CVE-2020-21082
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows malicious users to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
Maccms Maccms 8.0
5.4
CVSSv3
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows malicious users to execute arbitrary web scripts or HTML via the 'wd' parameter.
Maccms Maccms 10.0
6.1
CVSSv3
CVE-2020-21387
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows malicious users to obtain the administrator cookie and escalate privileges via a crafted payload.
Maccms Maccms 10.0
5.4
CVSSv3
CVE-2020-21434
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
Maccms Maccms 10.0
9.8
CVSSv3
CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.
Maccms Maccms 8.0
9.8
CVSSv3
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
Maccms Maccms 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »