Vulnerabilities > Maccms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2022-27887	Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. network low complexity maccms CWE-79	6.1
2022-03-16	CVE-2021-45786	Improper Authentication vulnerability in Maccms 10.0 In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. network low complexity maccms CWE-287 critical	9.8
2022-03-16	CVE-2021-45787	Cross-site Scripting vulnerability in Maccms 10.0 There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. network low complexity maccms CWE-79	5.4
2021-10-04	CVE-2020-21434	Cross-site Scripting vulnerability in Maccms 10.0 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. network low complexity maccms CWE-79	5.4
2021-10-04	CVE-2020-21386	Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. network low complexity maccms CWE-352	8.8
2021-10-04	CVE-2020-21387	Cross-site Scripting vulnerability in Maccms 10.0 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. network low complexity maccms CWE-79	6.1
2021-09-24	CVE-2020-20514	Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. network low complexity maccms CWE-352	8.1
2021-09-14	CVE-2020-21081	Cross-Site Request Forgery (CSRF) vulnerability in Maccms 8.0 A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. network low complexity maccms CWE-352	6.5
2021-09-14	CVE-2020-21082	Cross-site Scripting vulnerability in Maccms 8.0 A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. network low complexity maccms CWE-79	6.1
2021-08-11	CVE-2020-21359	Unrestricted Upload of File with Dangerous Type vulnerability in Maccms 10.0 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. network low complexity maccms CWE-434 critical	9.8

Vulnerabilities > Maccms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Maccms"}]}

Vulnerabilities > Maccms