Mara CMS 7.5 - Cross-Site Scripting

Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters. id: CVE-2020-24223 info: name: Mara CMS 7.5 - Cross-Site Scripting author: pikpikcu severity: medium description: Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the them...

CVE-2026-40719

Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...

CVE-2020-24223

Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...

EUVD-2025-147262

Malicious code in uaragifa-mara-saf npm...

EUVD-2020-18109

Malware in sbrugna...

MaraDNS_1

This is a repository for MaraDNS, a small open-source DNS server. The repository contains various files and scripts for building and testing MaraDNS, including a Dockerfile for creating a Docker image to test installing MaraDNS on a fresh Ubuntu 22.04 virtual machine. The repository includes a...

La MaraDNS

MaraDNS is a small open-source DNS server. It is an authoritative DNS server that handles recursion using the included "Deadwood" program. The MaraDNS repository contains various files, including a README, CHANGELOG, and Dockerfile, which provide information on how to compile and run MaraDNS, as...

CVE-2021-36547

A remote code execution RCE vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...

CVE-2020-25422

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2020-25042

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...

mara-aranda.com Improper Access Control vulnerability OBB-3804571

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

DEBIAN-CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Mara CMS File Upload Vulnerability

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

Mara CMS Cross-Site Scripting Vulnerability (CNVD-2021-84589)

Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS version 7.5, which stems from a lack of checksum filtering of user-supplied and output data in the menuedit.php component. An attacker can exploit this vulnerability to execute JavaScript...

CVE-2021-36547

A remote code execution RCE vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...

CVE-2021-36547

A remote code execution RCE vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...

Remote code execution

A remote code execution RCE vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...

CVE-2020-25422

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2021-36547

Summary: Mara CMS v7.5 contains a remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew. The root cause is alleged improper input filtering in the file upload logic, enabling an attacker to upload a crafted PHP file that can execute arbitrary commands. This iss...