CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

Mara CMS 7.5 - Cross-Site Scripting

Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters. id: CVE-2020-24223 info: name: Mara CMS 7.5 - Cross-Site Scripting author: pikpikcu severity: medium description: Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the them...

6.1CVSS6.2AI score0.15272EPSS

Exploits2References5

RedhatCVE•added 2026/01/09 9:49 a.m.•1 views

CVE-2020-24223

Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...

6.1CVSS6.1AI score0.15272EPSS

Exploits2References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-18109

Malware in sbrugna...

5.4CVSS5.5AI score0.00206EPSS

Exploits1References2

RedhatCVE•added 2025/05/22 5:55 p.m.•8 views

CVE-2020-25422

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS5.8AI score0.00206EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:54 p.m.•4 views

CVE-2020-25042

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...

7.2CVSS7AI score0.77043EPSS

Exploits3

CNVD•added 2021/10/31 12:0 a.m.•6 views

Mara CMS File Upload Vulnerability

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

9.8CVSS7.4AI score0.22363EPSS

Exploits1References1

CNVD•added 2021/10/31 12:0 a.m.•3 views

Mara CMS Cross-Site Scripting Vulnerability (CNVD-2021-84589)

Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS version 7.5, which stems from a lack of checksum filtering of user-supplied and output data in the menuedit.php component. An attacker can exploit this vulnerability to execute JavaScript...

5.4CVSS6.3AI score0.00206EPSS

Exploits1References1

OSV•added 2021/10/28 7:15 p.m.•0 views

CVE-2020-25422

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS5.6AI score

Exploits0References1

Prion•added 2021/10/28 7:15 p.m.•10 views

Cross site scripting

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

3.5CVSS5.4AI score0.00206EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/10/28 6:30 p.m.•8 views

CVE-2020-25422

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.5AI score0.00206EPSS

Exploits1References1

CVE•added 2021/10/28 6:30 p.m.•55 views

CVE-2020-25422

MARA CMS 7.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the menuedit.php component. The issue arises from improper handling of user-supplied/output data in that module (lack of checksum filtering per CNVD-2021-84589). Several databases (NVD, Red Hat, CNVD, CNVD-2021-84589, CNNVD...

5.4CVSS5.4AI score0.00206EPSS

Exploits1References1Affected Software1

CNNVD•added 2021/10/28 12:0 a.m.•2 views

Mara CMS 代码问题漏洞

9.8CVSS6AI score0.22363EPSS

Exploits1References1

CNNVD•added 2021/10/28 12:0 a.m.•14 views

Mara CMS 跨站脚本漏洞

5.4CVSS5.6AI score0.00206EPSS

Exploits1References2

CNVD•added 2020/09/04 12:0 a.m.•2 views

Mara CMS Arbitrary File Upload Vulnerability

Mara CMS is a file-based content management system. An arbitrary file upload vulnerability exists in Mara CMS 7.5. An attacker with a valid authentication session can exploit this vulnerability by issuing a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php, which ca...

7.2CVSS8.4AI score0.77043EPSS

Exploits3References1

OSV•added 2020/09/03 3:15 p.m.•1 views

CVE-2020-25042

7.2CVSS7.3AI score

Exploits0References3

Prion•added 2020/09/03 3:15 p.m.•19 views

Design/Logic Flaw

6.5CVSS7AI score0.77043EPSS

Exploits3References3Affected Software1

Cvelist•added 2020/09/03 2:23 p.m.•19 views

CVE-2020-25042

7.1AI score0.77043EPSS

Exploits3References3

CVE•added 2020/09/03 2:23 p.m.•60 views

CVE-2020-25042

CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...

7.2CVSS7.6AI score0.77043EPSS

Exploits3References3Affected Software1

Positive Technologies•added 2020/09/03 12:0 a.m.•5 views

PT-2020-15905 · Mara · Mara Cms

Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: An issue exists that allows arbitrary file upload. To exploit this, an attacker needs a valid authenticated session and must make a "codebase/dir.php?type=filenew" request to upload PHP code to...

7.2CVSS7.2AI score0.77043EPSS

Exploits3References5

CNVD•added 2020/08/31 12:0 a.m.•1 views

Mara CMS Cross-Site Scripting Vulnerability

Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS 7.5. The vulnerability can be exploited to conduct cross-site scripting attacks via contact.php?theme=...

6.1CVSS6.3AI score0.15272EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by