Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
maccms maccms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-19465
Maccms up to and including 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Maccms Maccms
6.1
CVSSv3
CVE-2019-8410
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
Maccms Maccms
6.1
CVSSv3
CVE-2022-44870
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
Maccms Maccms 10.0
2 Github repositories
8.8
CVSSv3
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
9.8
CVSSv3
CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.
Maccms Maccms 8.0
9.8
CVSSv3
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
Maccms Maccms 10.0
5.4
CVSSv3
CVE-2021-45787
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
Maccms Maccms 10.0
6.5
CVSSv3
CVE-2020-21081
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
Maccms Maccms 8.0
9.8
CVSSv3
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
Maccms Maccms 10.0
5.4
CVSSv3
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows malicious users to execute arbitrary web scripts or HTML via the 'wd' parameter.
Maccms Maccms 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »