Vulnerabilities > Maccms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-06 | CVE-2022-44870 | Cross-site Scripting vulnerability in Maccms 10.0 A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | 6.1 |
| 2022-03-31 | CVE-2021-43707 | Cross-site Scripting vulnerability in Maccms 10.0 Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | 4.3 |
| 2022-03-25 | CVE-2022-26573 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. | 4.3 |
| 2022-03-25 | CVE-2022-27884 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | 4.3 |
| 2022-03-25 | CVE-2022-27885 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | 4.3 |
| 2022-03-25 | CVE-2022-27886 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | 4.3 |
| 2022-03-25 | CVE-2022-27887 | Cross-site Scripting vulnerability in Maccms 10.0 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | 4.3 |
| 2021-10-04 | CVE-2020-21386 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 6.8 |
| 2021-10-04 | CVE-2020-21387 | Cross-site Scripting vulnerability in Maccms 10.0 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 4.3 |
| 2021-09-24 | CVE-2020-20514 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | 4.9 |