Vulnerabilities > Maccms > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-16 CVE-2021-45787 Cross-site Scripting vulnerability in Maccms 10.0
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos.
network
low complexity
maccms CWE-79
5.4
5.4
2021-10-04 CVE-2020-21434 Cross-site Scripting vulnerability in Maccms 10.0
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module.
network
low complexity
maccms CWE-79
5.4
5.4
2021-10-04 CVE-2020-21387 Cross-site Scripting vulnerability in Maccms 10.0
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
network
low complexity
maccms CWE-79
6.1
6.1
2021-09-14 CVE-2020-21081 Cross-Site Request Forgery (CSRF) vulnerability in Maccms 8.0
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
network
low complexity
maccms CWE-352
6.5
6.5
2021-09-14 CVE-2020-21082 Cross-site Scripting vulnerability in Maccms 8.0
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
network
low complexity
maccms CWE-79
6.1
6.1
2021-08-11 CVE-2020-21362 Cross-site Scripting vulnerability in Maccms 10.0
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
network
low complexity
maccms CWE-79
5.4
5.4
2021-08-11 CVE-2020-21363 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0
An arbitrary file deletion vulnerability exists within Maccms10.
network
low complexity
maccms CWE-610
6.5
6.5
2019-06-07 CVE-2018-19465 Cross-site Scripting vulnerability in Maccms 7.0/8.0
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
network
low complexity
maccms CWE-79
6.1
6.1
2019-02-27 CVE-2019-8410 Cross-site Scripting vulnerability in Maccms 7.0/8.0
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
network
low complexity
maccms CWE-79
6.1
6.1