Vulnerabilities > Maccms > Maccms > 10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-45787 | Cross-site Scripting vulnerability in Maccms 10.0 There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. | 3.5 |
| 2021-10-04 | CVE-2020-21434 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. | 3.5 |
| 2021-10-04 | CVE-2020-21386 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 6.8 |
| 2021-10-04 | CVE-2020-21387 | Cross-site Scripting vulnerability in Maccms 10.0 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 4.3 |
| 2021-09-24 | CVE-2020-20514 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | 4.9 |
| 2021-08-11 | CVE-2020-21359 | Unrestricted Upload of File with Dangerous Type vulnerability in Maccms 10.0 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | 7.5 |
| 2021-08-11 | CVE-2020-21362 | Cross-site Scripting vulnerability in Maccms 10.0 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | 3.5 |
| 2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 An arbitrary file deletion vulnerability exists within Maccms10. | 5.5 |
| 2019-03-15 | CVE-2019-9829 | Code Injection vulnerability in Maccms 10.0 Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. | 6.5 |
| 2018-06-14 | CVE-2018-12114 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | 6.8 |