Vulnerabilities > Maccms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2020-21081 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 8.0 A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. | 4.3 |
| 2021-09-14 | CVE-2020-21082 | Cross-site Scripting vulnerability in Maccms 8.0 A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. | 4.3 |
| 2021-08-11 | CVE-2020-21363 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 An arbitrary file deletion vulnerability exists within Maccms10. | 5.5 |
| 2019-06-07 | CVE-2018-19465 | Cross-site Scripting vulnerability in Maccms Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | 4.3 |
| 2019-03-15 | CVE-2019-9829 | Code Injection vulnerability in Maccms 10.0 Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. | 6.5 |
| 2019-02-27 | CVE-2019-8410 | Cross-site Scripting vulnerability in Maccms Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | 4.3 |
| 2018-06-14 | CVE-2018-12114 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | 6.8 |