magicblack
Products
1- 11 CVEs
Recent CVEs

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10395 | | | 0.00 | — | 0.00 | | Sep 14, 2025 | A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the… |
| CVE-2022-44870 | | | 0.00 | — | 0.01 | | Jan 6, 2023 | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. |
| CVE-2022-35148 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. |
| CVE-2022-27887 | | | 0.00 | — | 0.01 | | Mar 25, 2022 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. |
| CVE-2022-27884 | | | 0.00 | — | 0.01 | | Mar 25, 2022 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. |
| CVE-2021-45787 | | | 0.00 | — | 0.00 | | Mar 16, 2022 | There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. |
| CVE-2021-45786 | | | 0.00 | — | 0.01 | | Mar 16, 2022 | In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. |
| CVE-2020-21387 | | | 0.00 | — | 0.01 | | Oct 4, 2021 | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. |
| CVE-2020-21386 | | | 0.00 | — | 0.00 | | Oct 4, 2021 | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. |
| CVE-2020-20514 | | | 0.00 | — | 0.00 | | Sep 24, 2021 | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users. |
| CVE-2020-21362 | | | 0.00 | — | 0.00 | | Aug 11, 2021 | A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. |