VYPR

Maccms

by Maccms

CVEs (26)

  • CVE-2022-27884Mar 25, 2022
    risk 0.00cvss epss 0.01

    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.

  • CVE-2022-27885Mar 25, 2022
    risk 0.00cvss epss 0.01

    Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.

  • CVE-2020-21434Oct 4, 2021
    risk 0.00cvss epss 0.01

    Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.

  • CVE-2020-21081Sep 14, 2021
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

  • CVE-2018-19465Jun 7, 2019
    risk 0.00cvss epss 0.01

    Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.

  • CVE-2019-9829Mar 15, 2019
    risk 0.00cvss epss 0.02

    Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.

Page 2 of 2