EUVD-2026-14337

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

CVE-2026-4562

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

EUVD-2022-32374

Malicious code in bioql PyPI...

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVE-2022-27884

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/plog/index.html via the wd parameter...

CVE-2020-20514

A Cross-Site Request Forgery CSRF in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users...

PT-2024-24543 · Maccms · Maccms

Name of the Vulnerable Software and Affected Versions: MacCMS version 10, specifically versions including 2024.1000.3000 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload, exploiting a Cross Site Scripting vulnerability. Recommendations: For MacCMS...

CVE-2021-43707

Cross Site Scripting XSS vulnerability exists in Maccms v10 via linkName parameter...

CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

CVE-2022-27887

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVE-2022-27887

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

Maccms 跨站脚本漏洞

Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...

CVE-2021-45787

There is a stored Cross Site Scripting XSS vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks...

CVE-2021-45786

In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges...