Vulnerabilities > Maccms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-08-11 | CVE-2020-21362 | Cross-site Scripting vulnerability in Maccms 10.0 | A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | network | low complexity | maccms | CWE-79 | 5.4 |
| 2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 | An arbitrary file deletion vulnerability exists within Maccms10. | network | low complexity | maccms | CWE-610 | 6.5 |
| 2019-06-07 | CVE-2018-19465 | Cross-site Scripting vulnerability in Maccms 7.0/8.0 | Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | network | low complexity | maccms | CWE-79 | 6.1 |
| 2019-03-15 | CVE-2019-9829 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Maccms 10.0 | Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. | network | low complexity | maccms | CWE-829 | 8.8 |
| 2019-02-27 | CVE-2019-8410 | Cross-site Scripting vulnerability in Maccms 7.0/8.0 | Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | network | low complexity | maccms | CWE-79 | 6.1 |
| 2018-06-14 | CVE-2018-12114 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 | Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | network | low complexity | maccms | CWE-352 | 8.8 |
| 2017-12-18 | CVE-2017-17733 | Unspecified vulnerability in Maccms 8.0 | Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | network | low complexity | maccms | | 9.8 (critical) |