Lucene search
K

9 matches found

prion
prion
added 2021/10/28 7:15 p.m.15 views

Cross site scripting

A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

3.5CVSS5.4AI score0.00503EPSS
Exploits1References1Affected Software1
cve
cve
added 2021/10/28 6:30 p.m.59 views

CVE-2020-25422

MARA CMS 7.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the menuedit.php component. The issue arises from improper handling of user-supplied/output data in that module (lack of checksum filtering per CNVD-2021-84589). Several databases (NVD, Red Hat, CNVD, CNVD-2021-84589, CNNVD...

5.4CVSS5.4AI score0.00503EPSS
Exploits1References1Affected Software1
prion
prion
added 2020/09/03 3:15 p.m.26 views

Design/Logic Flaw

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...

6.5CVSS7AI score0.18248EPSS
Exploits4References3Affected Software1
cve
cve
added 2020/09/03 2:23 p.m.83 views

CVE-2020-25042

CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...

7.2CVSS7.6AI score0.18248EPSS
Exploits4References3Affected Software1
ptsecurity
ptsecurity
added 2020/09/03 12:0 a.m.8 views

PT-2020-15905 · Mara · Mara Cms

Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: An issue exists that allows arbitrary file upload. To exploit this, an attacker needs a valid authenticated session and must make a "codebase/dir.php?type=filenew" request to upload PHP code to...

7.2CVSS7.2AI score0.18248EPSS
Exploits4References5
exploitdb
exploitdb
added 2020/08/31 12:0 a.m.449 views

Mara CMS 7.5 - Reflective Cross-Site Scripting

Exploit Title: Mara CMS 7.5 - Reflective Cross-Site Scripting Google Dork: NA Date: 2020-08-01 Exploit Author: George Tsimpidas Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5 Tested on:...

6.1CVSS6.4AI score0.14552EPSS
Exploits2
nvd
nvd
added 2020/08/30 6:15 p.m.25 views

CVE-2020-24223

Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...

6.1CVSS6.1AI score0.14552EPSS
Exploits2References3
prion
prion
added 2020/08/30 6:15 p.m.18 views

Cross site scripting

Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...

4.3CVSS6AI score0.14552EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2020/08/30 5:34 p.m.28 views

CVE-2020-24223

Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...

6.1AI score0.14552EPSS
Exploits2References3
Rows per page
Query Builder