VYPR

maccms10

by magicblack

CVEs (11)

  • CVE-2025-10395Sep 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the…

  • CVE-2022-44870Jan 6, 2023
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

  • CVE-2022-35148Aug 17, 2022
    risk 0.00cvss epss 0.01

    maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.

  • CVE-2022-27887Mar 25, 2022
    risk 0.00cvss epss 0.01

    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.

  • CVE-2022-27884Mar 25, 2022
    risk 0.00cvss epss 0.01

    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.

  • CVE-2021-45787Mar 16, 2022
    risk 0.00cvss epss 0.00

    There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.

  • CVE-2021-45786Mar 16, 2022
    risk 0.00cvss epss 0.01

    In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.

  • CVE-2020-21387Oct 4, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.

  • CVE-2020-21386Oct 4, 2021
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.

  • CVE-2020-20514Sep 24, 2021
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users.

  • CVE-2020-21362Aug 11, 2021
    risk 0.00cvss epss 0.00

    A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.