CVE-2021-45787

Published: Mar 16, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.

Affected (90)

Products: Maccms: Maccms

Maccms

1 product

Maccms

Configuration A

90 vulnerable

Vulnerable Software	Affected Versions
Maccms Maccms	Version 10.0
Maccms Maccms	Version 10.0 2018.03.15
Maccms Maccms	Version 10.0 2018.03.21
Maccms Maccms	Version 10.0 2018.04.02
Maccms Maccms	Version 10.0 2018.05.01
Maccms Maccms	Version 10.0 2018.05.02.1005
Maccms Maccms	Version 10.0 2018.05.03.0000
Maccms Maccms	Version 10.0 2018.05.04.1320
Maccms Maccms	Version 10.0 2018.05.07.1213
Maccms Maccms	Version 10.0 2018.05.08.2020
Maccms Maccms	Version 10.0 2018.05.09.1320
Maccms Maccms	Version 10.0 2018.05.11.2300
Maccms Maccms	Version 10.0 2018.05.15.1403
Maccms Maccms	Version 10.0 2018.05.17.1050
Maccms Maccms	Version 10.0 2018.05.22.1338
Maccms Maccms	Version 10.0 2018.05.30.1007
Maccms Maccms	Version 10.0 2018.06.04.1510
Maccms Maccms	Version 10.0 2018.06.08.1339
Maccms Maccms	Version 10.0 2018.06.12.1430
Maccms Maccms	Version 10.0 2018.06.15.0910
Maccms Maccms	Version 10.0 2018.06.29.1425
Maccms Maccms	Version 10.0 2018.07.29.1010
Maccms Maccms	Version 10.0 2018.08.14.0955
Maccms Maccms	Version 10.0 2018.08.24.1355
Maccms Maccms	Version 10.0 2018.08.25.1120
Maccms Maccms	Version 10.0 2018.09.03.0920
Maccms Maccms	Version 10.0 2018.09.14.0850
Maccms Maccms	Version 10.0 2018.09.28.0950
Maccms Maccms	Version 10.0 2018.10.09.1333
Maccms Maccms	Version 10.0 2018.10.13.1025
Maccms Maccms	Version 10.0 2018.10.22.1200
Maccms Maccms	Version 10.0 2018.10.31.1340
Maccms Maccms	Version 10.0 2018.11.18.0920
Maccms Maccms	Version 10.0 2018.12.05.0950
Maccms Maccms	Version 10.0 2018.12.13.2151
Maccms Maccms	Version 10.0 2019.00.00.1001
Maccms Maccms	Version 10.0 2019.00.00.1002
Maccms Maccms	Version 10.0 2019.00.00.1003
Maccms Maccms	Version 10.0 2019.00.00.1004
Maccms Maccms	Version 10.0 2019.00.00.1005
Maccms Maccms	Version 10.0 2019.00.00.1006
Maccms Maccms	Version 10.0 2019.00.00.1007
Maccms Maccms	Version 10.0 2019.00.00.1008
Maccms Maccms	Version 10.0 2019.01.19.1001
Maccms Maccms	Version 10.0 2019.0101.1001
Maccms Maccms	Version 10.0 2019.02.23.0850
Maccms Maccms	Version 10.0 2019.03.06.1617
Maccms Maccms	Version 10.0 2019.1000.1009
Maccms Maccms	Version 10.0 2019.1000.1010
Maccms Maccms	Version 10.0 2019.1000.1011
Maccms Maccms	Version 10.0 2019.1000.1012
Maccms Maccms	Version 10.0 2019.1000.1013
Maccms Maccms	Version 10.0 2019.1000.1014
Maccms Maccms	Version 10.0 2019.1000.1015
Maccms Maccms	Version 10.0 2019.1000.1016
Maccms Maccms	Version 10.0 2019.1000.1017
Maccms Maccms	Version 10.0 2019.1000.1018
Maccms Maccms	Version 10.0 2020.1000.1019
Maccms Maccms	Version 10.0 2020.1000.1020
Maccms Maccms	Version 10.0 2020.1000.1021
Maccms Maccms	Version 10.0 2020.1000.1022
Maccms Maccms	Version 10.0 2020.1000.1023
Maccms Maccms	Version 10.0 2020.1000.1024
Maccms Maccms	Version 10.0 2020.1000.1025
Maccms Maccms	Version 10.0 2020.1000.1027
Maccms Maccms	Version 10.0 2020.1000.1029
Maccms Maccms	Version 10.0 2020.1000.1031
Maccms Maccms	Version 10.0 2020.1000.1032
Maccms Maccms	Version 10.0 2020.1000.1033
Maccms Maccms	Version 10.0 2020.1000.1034
Maccms Maccms	Version 10.0 2020.1000.1035
Maccms Maccms	Version 10.0 2020.1000.1039
Maccms Maccms	Version 10.0 2020.1000.1042
Maccms Maccms	Version 10.0 2020.1000.1051
Maccms Maccms	Version 10.0 2020.1000.1060
Maccms Maccms	Version 10.0 2020.1000.1062
Maccms Maccms	Version 10.0 2020.1000.1068
Maccms Maccms	Version 10.0 2020.1000.1068b
Maccms Maccms	Version 10.0 2020.1000.1069
Maccms Maccms	Version 10.0 2020.1000.1074
Maccms Maccms	Version 10.0 2020.1000.1075
Maccms Maccms	Version 10.0 2020.1000.1080
Maccms Maccms	Version 10.0 2020.1000.1081
Maccms Maccms	Version 10.0 2021.1000.1081
Maccms Maccms	Version 10.0 2022.1000.1099
Maccms Maccms	Version 10.0 2022.1000.3001
Maccms Maccms	Version 10.0 2022.1000.3002
Maccms Maccms	Version 10.0 2022.1000.3004
Maccms Maccms	Version 10.0 2022.1000.3005
Maccms Maccms	Version 10.0 2022.1000.3025

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/magicblack/maccms10/issues/746

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/magicblack/maccms10/issues/746

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.