Maccms Security Vulnerabilities
A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address...
8.8CVSS
8.4AI Score
0.001EPSS
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management...
6.1CVSS
5.9AI Score
0.001EPSS
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at...
6.5CVSS
6.8AI Score
0.001EPSS
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text...
5.4CVSS
5.3AI Score
0.001EPSS
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text...
5.4CVSS
5.3AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input...
6.1CVSS
6.2AI Score
0.001EPSS
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat...
6.1CVSS
6AI Score
0.001EPSS
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd...
6.1CVSS
6AI Score
0.001EPSS
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input...
6.1CVSS
6.2AI Score
0.001EPSS
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd...
6.1CVSS
6AI Score
0.001EPSS
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain...
9.8CVSS
9.5AI Score
0.003EPSS
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and...
5.4CVSS
5.1AI Score
0.001EPSS
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text...
5.4CVSS
6AI Score
0.001EPSS
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator...
8.8CVSS
8.9AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted...
6.1CVSS
6AI Score
0.001EPSS
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all...
8.1CVSS
8AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English...
6.1CVSS
5.9AI Score
0.001EPSS
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted...
6.5CVSS
6.5AI Score
0.001EPSS
6.5CVSS
7.4AI Score
0.001EPSS
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's...
9.8CVSS
8.3AI Score
0.005EPSS
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd'...
5.4CVSS
6.3AI Score
0.001EPSS
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to...
6.1CVSS
6.2AI Score
0.001EPSS
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as...
8.8CVSS
8.3AI Score
0.007EPSS
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not...
6.1CVSS
6.2AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.005EPSS
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search...
9.8CVSS
7.8AI Score
0.884EPSS