Filtered by vendor Maccms
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | |||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | |||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | |||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2021-10-07 | 3.5 LOW | 5.4 MEDIUM |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | |||||
| CVE-2020-21081 | 1 Maccms | 1 Maccms | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. | |||||
| CVE-2020-21082 | 1 Maccms | 1 Maccms | 2021-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. | |||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2021-08-16 | 5.5 MEDIUM | 6.5 MEDIUM |
| An arbitrary file deletion vulnerability exists within Maccms10. | |||||
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | |||||
| CVE-2018-19465 | 1 Maccms | 1 Maccms | 2019-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | |||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||