Maccms

maccms

37 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26573 1Maccms 1Maccms Jan 26, 2026 Mar 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
CVE-2021-45787 1Maccms 1Maccms Nov 21, 2024 Mar 16, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
CVE-2021-45786 1Maccms 1Maccms Nov 21, 2024 Mar 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
CVE-2020-21434 1Maccms 1Maccms Nov 21, 2024 Oct 4, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
CVE-2020-21387 1Maccms 1Maccms Nov 21, 2024 Oct 4, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
CVE-2020-21386 1Maccms 1Maccms Nov 21, 2024 Oct 4, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVE-2020-20514 1Maccms 1Maccms Nov 21, 2024 Sep 24, 2021 N/A· v4 8.1 HIGH· v3 4.9 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2020-21082 1Maccms 1Maccms Nov 21, 2024 Sep 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chin...Show more A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.Show less
CVE-2020-21081 1Maccms 1Maccms Nov 21, 2024 Sep 14, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-21363 1Maccms 1Maccms Nov 21, 2024 Aug 11, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 An arbitrary file deletion vulnerability exists within Maccms10.
CVE-2020-21362 1Maccms 1Maccms Nov 21, 2024 Aug 11, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVE-2020-21359 1Maccms 1Maccms Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded fil...Show more An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.Show less
CVE-2018-19465 1Maccms 1Maccms Nov 21, 2024 Jun 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVE-2019-9829 1Maccms 1Maccms Nov 21, 2024 Mar 15, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which...Show more Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.Show less
CVE-2019-8410 1Maccms 1Maccms Nov 21, 2024 Feb 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
CVE-2018-12114 1Maccms 1Maccms Nov 21, 2024 Jun 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2017-17733 1Maccms 1Maccms May 13, 2026 Dec 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.